docs(infra): pg backup & restore runbook for forte-drop

Covers: nightly backup mechanism, listing backups, manual trigger, full restore procedure (2-pod mc-download + psql-pipe), verification, object-data note, and a disaster-scenario recovery table.
feat(infra): drop in-cluster minio, add pg backup + PVC protection
2026-05-29 10:31:09 +02:00 · 2026-05-29 09:28:51 +02:00 · 2026-05-28 16:13:31 +02:00 · 2026-05-28 16:13:08 +02:00 · 2026-05-28 16:05:48 +02:00 · 2026-05-28 15:56:24 +02:00
280 changed files with 17587 additions and 25160 deletions
@@ -0,0 +1,2 @@
+# Force LF line endings for shell scripts
+*.sh text eol=lf
@@ -0,0 +1,47 @@
+name: AI Code Review
+
+on:
+  pull_request:
+    types: [ labeled, synchronize ]
+
+jobs:
+  ai-review:
+    if: >-
+      (github.event.action == 'synchronized' && contains(toJSON(github.event.pull_request.labels), 'ai-review')) || contains(toJSON(gitea.event.changes.added_labels), 'ai-review')
+    runs-on: ubuntu-latest
+
+    env:
+      AI_REVIEW_CONFIG_FILE_YAML: ./shared-prompts/iac/.ai-review.yaml
+      # VCS configuration
+      VCS__PROVIDER: GITEA
+      VCS__PIPELINE__OWNER: ${{ github.repository_owner }}
+      VCS__PIPELINE__REPO: ${{ github.event.repository.name }}
+      VCS__PIPELINE__PULL_NUMBER: ${{ github.event.pull_request.number }}
+      VCS__HTTP_CLIENT__API_URL: https://git.forteapps.net/api/v1
+      VCS__HTTP_CLIENT__API_TOKEN: ${{ secrets.AI_REVIEW_TOKEN }}
+      # Review — disable fallback to see real Gitea API errors
+      REVIEW__INLINE_COMMENT_FALLBACK: "false"
+      # LLM configuration
+      LLM__PROVIDER: CLAUDE
+      LLM__META__MODEL: claude-sonnet-4-20250514
+      LLM__META__MAX_TOKENS: "4096"
+      LLM__HTTP_CLIENT__API_URL: https://api.anthropic.com
+      LLM__HTTP_CLIENT__API_TOKEN: ${{ secrets.ANTHROPIC_API_KEY }}
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        submodules: true
+        fetch-depth: 0
+        token: ${{ secrets.AI_REVIEW_TOKEN }}
+
+    - name: Run inline review
+      uses: docker://nikitafilonov/ai-review:v0.64.0
+      with:
+        args: ai-review run-inline
+
+    - name: Run summary review
+      uses: docker://nikitafilonov/ai-review:v0.64.0
+      with:
+        args: ai-review run-summary
@@ -0,0 +1,18 @@
+# User-specific files
+*.user
+*.lock
+*.userosscache
+
+# User-specific files (MonoDevelop/Xamarin Studio)
+*.userprefs
+
+private/
+.helm/
+temp/
+*.orig
+CLAUDE.md
+.claude/
+devbox.d/
+devbox.lock
+.devbox/
+bash.exe.stackdump
@@ -0,0 +1,3 @@
+[submodule "shared-prompts"]
+	path = shared-prompts
+	url = https://git.forteapps.net/Forte/ai-review-prompts.git
@@ -1,460 +0,0 @@
-
-<!doctype html>
-<html lang="en" class="no-js">
-  <head>
-    
-      <meta charset="utf-8">
-      <meta name="viewport" content="width=device-width,initial-scale=1">
-      
-        <meta name="description" content="Documentation for the GitOps-managed Kubernetes cluster">
-      
-      
-      
-      
-      
-      
-        
-      
-      
-      <link rel="icon" href="/assets/images/favicon.png">
-      <meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.6">
-    
-    
-      
-        <title>K8s Launchpad</title>
-      
-    
-    
-      <link rel="stylesheet" href="/assets/stylesheets/main.484c7ddc.min.css">
-      
-        
-        <link rel="stylesheet" href="/assets/stylesheets/palette.ab4e12ef.min.css">
-      
-      
-
-
-    
-    
-      
-    
-    
-      
-        
-        
-        <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-        <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
-        <style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
-      
-    
-    
-    <script>__md_scope=new URL("/",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
-    
-      
-
-    
-    
-  </head>
-  
-  
-    
-    
-      
-    
-    
-    
-    
-    <body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
-  
-    
-    <input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
-    <input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
-    <label class="md-overlay" for="__drawer"></label>
-    <div data-md-component="skip">
-      
-    </div>
-    <div data-md-component="announce">
-      
-    </div>
-    
-    
-      
-
-  
-
-<header class="md-header md-header--shadow" data-md-component="header">
-  <nav class="md-header__inner md-grid" aria-label="Header">
-    <a href="/." title="K8s Launchpad" class="md-header__button md-logo" aria-label="K8s Launchpad" data-md-component="logo">
-      
-  
-  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
-
-    </a>
-    <label class="md-header__button md-icon" for="__drawer">
-      
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
-    </label>
-    <div class="md-header__title" data-md-component="header-title">
-      <div class="md-header__ellipsis">
-        <div class="md-header__topic">
-          <span class="md-ellipsis">
-            K8s Launchpad
-          </span>
-        </div>
-        <div class="md-header__topic" data-md-component="header-topic">
-          <span class="md-ellipsis">
-            
-              
-            
-          </span>
-        </div>
-      </div>
-    </div>
-    
-      
-        <form class="md-header__option" data-md-component="palette">
-  
-    
-    
-    
-    <input class="md-option" data-md-color-media="" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo"  aria-label="Switch to dark mode"  type="radio" name="__palette" id="__palette_0">
-    
-      <label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
-      </label>
-    
-  
-    
-    
-    
-    <input class="md-option" data-md-color-media="" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo"  aria-label="Switch to light mode"  type="radio" name="__palette" id="__palette_1">
-    
-      <label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
-      </label>
-    
-  
-</form>
-      
-    
-    
-      <script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
-    
-    
-    
-      
-      
-        <label class="md-header__button md-icon" for="__search">
-          
-          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
-        </label>
-        <div class="md-search" data-md-component="search" role="dialog">
-  <label class="md-search__overlay" for="__search"></label>
-  <div class="md-search__inner" role="search">
-    <form class="md-search__form" name="search">
-      <input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
-      <label class="md-search__icon md-icon" for="__search">
-        
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
-        
-        <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
-      </label>
-      <nav class="md-search__options" aria-label="Search">
-        
-        <button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
-          
-          <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
-        </button>
-      </nav>
-      
-    </form>
-    <div class="md-search__output">
-      <div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
-        <div class="md-search-result" data-md-component="search-result">
-          <div class="md-search-result__meta">
-            Initializing search
-          </div>
-          <ol class="md-search-result__list" role="presentation"></ol>
-        </div>
-      </div>
-    </div>
-  </div>
-</div>
-      
-    
-    
-      <div class="md-header__source">
-        <a href="https://git.forteapps.net/Forte/launchpad" title="Go to repository" class="md-source" data-md-component="source">
-  <div class="md-source__icon md-icon">
-    
-    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
-  </div>
-  <div class="md-source__repository">
-    Forte/launchpad
-  </div>
-</a>
-      </div>
-    
-  </nav>
-  
-</header>
-    
-    <div class="md-container" data-md-component="container">
-      
-      
-        
-          
-        
-      
-      <main class="md-main" data-md-component="main">
-        <div class="md-main__inner md-grid">
-          
-            
-              
-              <div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
-                <div class="md-sidebar__scrollwrap">
-                  <div class="md-sidebar__inner">
-                    
-
-
-
-<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
-  <label class="md-nav__title" for="__drawer">
-    <a href="/." title="K8s Launchpad" class="md-nav__button md-logo" aria-label="K8s Launchpad" data-md-component="logo">
-      
-  
-  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
-
-    </a>
-    K8s Launchpad
-  </label>
-  
-    <div class="md-nav__source">
-      <a href="https://git.forteapps.net/Forte/launchpad" title="Go to repository" class="md-source" data-md-component="source">
-  <div class="md-source__icon md-icon">
-    
-    <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
-  </div>
-  <div class="md-source__repository">
-    Forte/launchpad
-  </div>
-</a>
-    </div>
-  
-  <ul class="md-nav__list" data-md-scrollfix>
-    
-      
-      
-  
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="/." class="md-nav__link">
-        
-  
-  
-  <span class="md-ellipsis">
-    
-  
-    Home
-  
-
-    
-  </span>
-  
-  
-
-      </a>
-    </li>
-  
-
-    
-      
-      
-  
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="/GITOPS-ARCHITECTURE/" class="md-nav__link">
-        
-  
-  
-  <span class="md-ellipsis">
-    
-  
-    GitOps Architecture
-  
-
-    
-  </span>
-  
-  
-
-      </a>
-    </li>
-  
-
-    
-      
-      
-  
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="/DEVELOPER-GUIDE/" class="md-nav__link">
-        
-  
-  
-  <span class="md-ellipsis">
-    
-  
-    Developer Guide
-  
-
-    
-  </span>
-  
-  
-
-      </a>
-    </li>
-  
-
-    
-      
-      
-  
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="/OPERATIONS-RUNBOOK/" class="md-nav__link">
-        
-  
-  
-  <span class="md-ellipsis">
-    
-  
-    Operations Runbook
-  
-
-    
-  </span>
-  
-  
-
-      </a>
-    </li>
-  
-
-    
-      
-      
-  
-  
-  
-  
-    <li class="md-nav__item">
-      <a href="/REFERENCE/" class="md-nav__link">
-        
-  
-  
-  <span class="md-ellipsis">
-    
-  
-    Technical Reference
-  
-
-    
-  </span>
-  
-  
-
-      </a>
-    </li>
-  
-
-    
-  </ul>
-</nav>
-                  </div>
-                </div>
-              </div>
-            
-            
-              
-              <div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
-                <div class="md-sidebar__scrollwrap">
-                  <div class="md-sidebar__inner">
-                    
-
-<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
-  
-  
-  
-  
-</nav>
-                  </div>
-                </div>
-              </div>
-            
-          
-          
-            <div class="md-content" data-md-component="content">
-              
-              <article class="md-content__inner md-typeset">
-                
-  <h1>404 - Not found</h1>
-
-              </article>
-            </div>
-          
-          
-<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
-        </div>
-        
-          <button type="button" class="md-top md-icon" data-md-component="top" hidden>
-  
-  <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
-  Back to top
-</button>
-        
-      </main>
-      
-        <footer class="md-footer">
-  
-  <div class="md-footer-meta md-typeset">
-    <div class="md-footer-meta__inner md-grid">
-      <div class="md-copyright">
-  
-  
-    Made with
-    <a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
-      Material for MkDocs
-    </a>
-  
-</div>
-      
-    </div>
-  </div>
-</footer>
-      
-    </div>
-    <div class="md-dialog" data-md-component="dialog">
-      <div class="md-dialog__inner md-typeset"></div>
-    </div>
-    
-    
-    
-      
-      
-      <script id="__config" type="application/json">{"annotate": null, "base": "/", "features": ["navigation.instant", "navigation.sections", "navigation.top", "search.highlight", "content.code.copy"], "search": "/assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script>
-    
-    
-      <script src="/assets/javascripts/bundle.79ae519e.min.js"></script>
-      
-    
-  </body>
-</html>
@@ -0,0 +1,527 @@
+# Kubernetes Cluster - GitOps Configuration
+
+> **Kubernetes cluster bootstrapping and GitOps configuration repository** using ArgoCD for multi-cloud Kubernetes (UpCloud, AWS EKS, Azure AKS, GCP GKE)
+
+[![GitOps](https://img.shields.io/badge/GitOps-ArgoCD-blue)](https://argoproj.github.io/cd/)
+[![Kubernetes](https://img.shields.io/badge/Kubernetes-Multi--Cloud-orange)]()
+
+---
+
+## 📚 Complete Documentation
+
+**New developers and operators**: Please refer to our comprehensive documentation for detailed guides and references:
+
+### 🎯 [**START HERE: Documentation Index**](docs/README.md)
+
+| Document | Description | Audience |
+|----------|-------------|----------|
+| **[GitOps Architecture](docs/GITOPS-ARCHITECTURE.md)** | System architecture, repository structure, GitOps workflows, security model | Everyone (start here) |
+| **[Developer Guide](docs/DEVELOPER-GUIDE.md)** | Local setup, deploying apps, managing secrets, troubleshooting | Developers |
+| **[Operations Runbook](docs/OPERATIONS-RUNBOOK.md)** | Cluster bootstrap, day-to-day operations, incident response, maintenance | Platform Engineers, SREs |
+| **[Technical Reference](docs/REFERENCE.md)** | Component specs, Helm charts, ArgoCD config, Kyverno policies, API docs | Everyone (reference) |
+
+---
+
+## 🚀 Quick Start
+
+### For New Developers
+```bash
+# 1. Clone repositories
+git clone https://git.forteapps.net/Forte/launchpad.git
+git clone ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
+
+# 2. Read the guides
+# - Start: docs/GITOPS-ARCHITECTURE.md
+# - Follow: docs/DEVELOPER-GUIDE.md
+
+# 3. Deploy your first app (see Developer Guide)
+```
+
+### For Operators
+```bash
+# 1. Bootstrap new cluster
+./bootstrap.sh
+
+# 2. Verify deployment
+kubectl get applications -n argocd
+kubectl get pods --all-namespaces
+
+# 3. Read Operations Runbook for day-to-day tasks
+```
+
+---
+
+## 📋 Overview
+
+This repository contains the complete GitOps configuration for our Kubernetes cluster, using the **App-of-Apps pattern** with ArgoCD.
+
+### What's Inside
+
+- **Infrastructure Applications**: Traefik, Cert-Manager, Kyverno, Prometheus, Grafana, Loki, Tempo, Sealed Secrets, Homepage (platform dashboard)
+- **Business Applications**: MCP10X, MusicMan, Dot-AI Stack, ArgoCD MCP
+- **Policies**: Kyverno security policies for secret management, namespace controls, pod verification
+- **Monitoring**: Full observability stack with metrics, logs, traces, and alerting
+- **Secrets**: Sealed Secrets for secure Git storage
+
+### Key Features
+
+✅ **GitOps-Native**: Git is the single source of truth
+✅ **Auto-Sync**: Changes automatically deployed (60s reconciliation)
+✅ **Self-Healing**: Manual cluster changes are reverted
+✅ **Multi-Source**: Separate chart templates from configuration
+✅ **Policy Enforcement**: Kyverno ensures security and compliance
+✅ **Authentication**: Automatic sidecar injection (token & OIDC support)
+✅ **TLS Everywhere**: Automatic Let's Encrypt certificates
+✅ **Full Observability**: Prometheus, Grafana, Loki, Tempo integration
+
+---
+
+## 🗂️ Repository Structure
+
+```
+.
+├── bootstrap.sh                # Cluster initialization script
+├── _app-of-apps.yaml          # Root ArgoCD Application (App-of-Apps pattern)
+│
+├── infra/                     # Infrastructure ArgoCD Applications (Kustomize multi-cluster)
+│   ├── base/                  # Base ArgoCD Application manifests (one dir per component)
+│   │   ├── kustomization.yaml # Aggregates all component subdirectories
+│   │   ├── traefik-application/
+│   │   │   ├── kustomization.yaml
+│   │   │   └── traefik-application.yaml
+│   │   ├── keycloak/
+│   │   │   ├── kustomization.yaml
+│   │   │   └── keycloak.yaml
+│   │   ├── grafana/
+│   │   ├── prometheus/
+│   │   ├── ...               # Each component in its own subdirectory
+│   │   └── secrets/
+│   ├── overlays/              # Per-cluster overrides (Kustomize)
+│   │   ├── upc-dev/           # UpCloud Dev — includes all base components
+│   │   ├── upc-prod/         # UpCloud Prod — all components + patches
+│   │   ├── aks-dev/          # Azure AKS Dev — selective components only
+│   │   ├── aks-prod/         # Azure AKS Prod
+│   │   ├── eks-dev/           # AWS EKS Dev
+│   │   ├── eks-prod/         # AWS EKS Prod
+│   │   ├── gke-dev/          # GCP GKE Dev
+│   │   └── gke-prod/         # GCP GKE Prod
+│   ├── dashboards/            # Grafana dashboard ConfigMaps
+│   └── values/                # Helm value overrides
+│       ├── base/              # Shared cloud-agnostic values
+│       ├── upc-dev/           # UpCloud Dev (storage, LB, pricing)
+│       ├── upc-prod/         # UpCloud Prod
+│       ├── eks-dev/           # AWS EKS Dev
+│       ├── eks-prod/         # AWS EKS Prod
+│       ├── aks-dev/        # Azure AKS Dev
+│       ├── aks-prod/       # Azure AKS Prod
+│       ├── gke-dev/          # GCP GKE Dev
+│       └── gke-prod/         # GCP GKE Prod
+│
+├── apps/                      # Business Applications (Kustomize, same pattern as infra)
+│   ├── base/                  # One subdirectory per app
+│   │   ├── kustomization.yaml
+│   │   ├── musicman/
+│   │   ├── mcp10x/
+│   │   ├── dot-ai-stack/
+│   │   ├── ts-mcp/
+│   │   └── argo-mcp/
+│   └── overlays/              # Per-cluster: cherry-pick or include all
+│       ├── upc-dev/           # All apps
+│       ├── upc-prod/         # All apps + patches
+│       └── aks-dev/          # Selective apps only
+│
+├── cluster-resources/         # Cluster-wide Kubernetes resources
+│   ├── letsencrypt-issuer.yaml
+│   ├── kyverno-config.yaml
+│   ├── *-sealed.yaml          # Sealed secrets
+│   └── policies/              # Kyverno policies
+│       ├── secret-cloner.yaml
+│       ├── default-ns-blocker.yaml
+│       ├── bare-pod-cleaner.yaml
+│       └── auth-sidecar-injector.yaml
+│
+├── secrets/                   # Application secrets (sealed)
+│   └── *-credentials-sealed.yaml
+│
+├── private/                   # Local-only files (Git-ignored)
+│   └── *.yaml                 # Unsealed secrets (never committed)
+│
+└── docs/                      # 📚 Comprehensive documentation
+    ├── README.md              # Documentation index
+    ├── GITOPS-ARCHITECTURE.md # Architecture guide
+    ├── DEVELOPER-GUIDE.md     # Developer onboarding
+    ├── OPERATIONS-RUNBOOK.md  # Operations procedures
+    └── REFERENCE.md           # Technical reference
+```
+
+**See [GitOps Architecture - Repository Structure](docs/GITOPS-ARCHITECTURE.md#repository-structure) for detailed explanation.**
+
+---
+
+## 🏗️ Architecture
+
+### Three-Repository Pattern
+
+| Repository | Purpose | Who Edits | How Often |
+|------------|---------|-----------|-----------|
+| **[launchpad](https://git.forteapps.net/Forte/launchpad)** (this repo) | ArgoCD Applications, cluster resources | Platform / DevOps engineers | ✅ Often |
+| **[forte-helm](https://git.forteapps.net/Forte/forte-helm)** | Generic Helm chart templates | Platform engineers | ❌ Rarely |
+| **[helm-prod-values](ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git)** | App-specific configuration & versions | Developers / CI pipelines | ✅ Sometimes |
+
+### GitOps Workflow
+
+```
+Developer commits code → CI/CD builds image → Updates helm-prod-values → ArgoCD syncs → Deployed to cluster
+```
+
+**Learn more**: [GitOps Architecture - GitOps Workflow](docs/GITOPS-ARCHITECTURE.md#gitops-workflow)
+
+---
+
+## 🔧 Common Tasks
+
+### Deploy a New Application
+
+**See detailed guide**: [Developer Guide - Deploying Your First Application](docs/DEVELOPER-GUIDE.md#deploying-your-first-application)
+
+**Quick version**:
+1. Create `apps/myapp.yaml` (ArgoCD Application manifest)
+2. Create `helm-prod-values/myapp/values.yaml` (configuration)
+3. Create sealed secrets if needed
+4. Commit and push - ArgoCD auto-syncs!
+
+### Update an Existing Application
+
+**See detailed guide**: [Developer Guide - Updating an Existing Application](docs/DEVELOPER-GUIDE.md#updating-an-existing-application)
+
+**Quick version**:
+- **Update code**: Push to app repo → CI/CD updates image tag in helm-prod-values
+- **Update config**: Edit `helm-prod-values/myapp/values.yaml` → commit → push
+
+### Manage Secrets
+
+**See detailed guide**: [Developer Guide - Working with Secrets](docs/DEVELOPER-GUIDE.md#working-with-secrets)
+
+```bash
+# Create plain secret
+kubectl create secret generic myapp-creds \
+  --from-literal=KEY=value \
+  --dry-run=client -o yaml > private/myapp-creds.yaml
+
+# Seal it
+kubeseal --format=yaml --cert=pub-cert.pem \
+  < private/myapp-creds.yaml > secrets/myapp-creds-sealed.yaml
+
+# Commit sealed version
+git add secrets/myapp-creds-sealed.yaml
+git commit -m "Add myapp credentials"
+git push
+```
+
+### Enable Authentication
+
+**See detailed guide**: [Developer Guide - Enabling Authentication](docs/DEVELOPER-GUIDE.md#enabling-authentication-for-applications)
+
+**Quick version**:
+```yaml
+# In helm-prod-values/myapp/values.yaml
+
+# Token-based auth (simple)
+auth:
+  enabled: true
+  type: token
+  tokens:
+  - your-secret-token-here
+
+# OIDC auth (SSO)
+auth:
+  enabled: true
+  type: oidc
+  oidc:
+    authority: https://auth.example.com/realms/master
+    clientId: myapp
+```
+
+Then create OIDC secret (if using OIDC):
+```bash
+kubectl create secret generic auth-oidc \
+  --from-literal=client-secret=your-oidc-secret \
+  --from-literal=cookie-secret=$(openssl rand -hex 32) \
+  --namespace=myapp | \
+  kubeseal --format=yaml --cert=pub-cert.pem --namespace=myapp | \
+  kubectl apply -f -
+```
+
+### Bootstrap Cluster
+
+**See detailed guide**: [Operations Runbook - Cluster Bootstrap](docs/OPERATIONS-RUNBOOK.md#cluster-bootstrap)
+
+```bash
+# Initialize new cluster
+./bootstrap.sh
+
+# Verify
+kubectl get applications -n argocd
+kubectl get pods --all-namespaces
+```
+
+---
+
+## 🛠️ Quick Reference
+
+### Monitor Applications
+
+```bash
+# List all ArgoCD applications
+kubectl get applications -n argocd
+
+# Watch sync status
+kubectl get applications -n argocd -w
+
+# Check specific application
+kubectl describe application myapp -n argocd
+
+# View application logs
+kubectl logs -n myapp <pod-name>
+```
+
+### Access UIs
+
+```bash
+# ArgoCD UI
+kubectl port-forward svc/argocd-server -n argocd 8080:443
+# Access: https://localhost:8080 (no auth required)
+
+# Grafana
+kubectl port-forward -n monitoring svc/grafana 3000:80
+# Access: http://localhost:3000
+
+# Prometheus
+kubectl port-forward -n monitoring svc/prometheus-server 9090:80
+# Access: http://localhost:9090
+```
+
+### Troubleshooting
+
+```bash
+# Check pod status
+kubectl get pods -n myapp
+
+# View pod logs
+kubectl logs -n myapp <pod-name>
+
+# Check pod events
+kubectl describe pod -n myapp <pod-name>
+
+# Check ArgoCD sync errors
+kubectl describe application myapp -n argocd
+
+# Force sync
+kubectl patch application myapp -n argocd \
+  --type merge -p '{"metadata":{"annotations":{"argocd.argoproj.io/refresh":"hard"}}}'
+```
+
+**Full troubleshooting guide**: [Developer Guide - Troubleshooting](docs/DEVELOPER-GUIDE.md#troubleshooting)
+
+---
+
+## 🔐 Security
+
+### Secret Management
+- ✅ Sealed Secrets for Git storage
+- ✅ Kyverno auto-clones secrets to namespaces
+- ❌ Never commit plain secrets
+
+### Network Security
+- ✅ All traffic TLS-encrypted (Let's Encrypt)
+- ✅ HTTP → HTTPS redirect
+- ✅ Traefik IngressRoute per application
+
+### Policy Enforcement
+- ✅ Kyverno policies for security
+- ✅ Default namespace blocked
+- ✅ Bare pods not allowed
+- ✅ Optional authentication sidecar injection
+
+**Learn more**: [GitOps Architecture - Security Model](docs/GITOPS-ARCHITECTURE.md#security-model)
+
+---
+
+## 📊 Infrastructure Components
+
+| Component | Purpose | Namespace | Replicas |
+|-----------|---------|-----------|----------|
+| **ArgoCD** | GitOps controller | `argocd` | 1 |
+| **Traefik** | Ingress controller | `traefik` | 2 |
+| **Cert-Manager** | TLS certificates | `cert-manager` | 1 |
+| **Kyverno** | Policy engine | `kyverno` | 1 |
+| **Sealed Secrets** | Secret encryption | `kube-system` | 1 |
+| **Prometheus** | Metrics | `monitoring` | 1 |
+| **Grafana** | Dashboards | `monitoring` | 1 |
+| **Loki** | Logs | `monitoring` | 1 |
+| **Tempo** | Distributed tracing | `monitoring` | 1 |
+| **Fluent-Bit** | Log shipping | `monitoring` | DaemonSet |
+| **OpenCost** | Cost monitoring | `monitoring` | 1 |
+| **Renovate** | Dependency updates | `renovate` | CronJob |
+
+**Full specs**: [Technical Reference - Infrastructure Components](docs/REFERENCE.md#infrastructure-components)
+
+---
+
+## 🌐 Domains & Networking
+
+- **Local development**: `*.127.0.0.1.nip.io`
+- **Production**: `*.forteapps.net`
+- **DNS**: Manual configuration (contact platform team)
+- **TLS**: Automatic via Let's Encrypt
+
+---
+
+## 📖 Key Concepts
+
+### App-of-Apps Pattern
+`_app-of-apps-{cluster}.yaml` is the root Application that manages all other Applications in `infra/`. Each component in `infra/base/` lives in its own subdirectory (e.g., `infra/base/grafana/`). Overlays can either include **all** components (via `../../base`) or **cherry-pick** specific ones (via `../../base/grafana`, `../../base/prometheus`, etc.). Per-cluster patches swap Helm value file paths. Supported clusters: `upc-dev`, `upc-prod`, `eks-dev`, `eks-prod`, `aks-dev`, `aks-prod`, `gke-dev`, `gke-prod`.
+
+### Multi-Source Pattern
+Applications reference both:
+1. **Helm charts** from `forte-helm` (templates)
+2. **Values** from `helm-prod-values` (configuration)
+
+This separates reusable templates from environment-specific config.
+
+### Sync Waves
+Applications deploy in order using `argocd.argoproj.io/sync-wave`:
+- Wave `-1`: Namespaces
+- Wave `0`: Kyverno (policies)
+- Wave `1`: Infrastructure
+- Wave `2+`: Applications
+
+### Auto-Sync & Self-Heal
+- **Auto-Sync**: ArgoCD automatically deploys Git changes (60s polling)
+- **Self-Heal**: Manual cluster changes are reverted to match Git
+- **Prune**: Deleted resources in Git are removed from cluster
+
+**Learn more**: [GitOps Architecture - GitOps Workflow](docs/GITOPS-ARCHITECTURE.md#gitops-workflow)
+
+---
+
+## ⚙️ Configuration
+
+### ArgoCD Settings
+- **Reconciliation**: Every 60 seconds
+- **Sync timeout**: 5 minutes per application
+- **Retry policy**: 5 attempts with exponential backoff
+- **Authentication**: Disabled (internal use only)
+
+### Application Defaults
+- **Auto-sync**: Enabled
+- **Self-heal**: Enabled
+- **Prune**: Enabled
+- **Validation**: Server-side validation enabled
+- **Server-side apply**: Enabled
+
+**Full configuration**: [Technical Reference - ArgoCD Configuration](docs/REFERENCE.md#argocd-configuration)
+
+---
+
+## 🆘 Getting Help
+
+### Documentation
+1. **Start here**: [Documentation Index](docs/README.md)
+2. **For development**: [Developer Guide](docs/DEVELOPER-GUIDE.md)
+3. **For operations**: [Operations Runbook](docs/OPERATIONS-RUNBOOK.md)
+4. **For reference**: [Technical Reference](docs/REFERENCE.md)
+
+### Support
+- **Slack**: #platform-support
+- **Issues**: Contact platform team
+- **Emergencies**: Escalate via Slack
+
+### Common Questions
+
+| Question | Answer |
+|----------|--------|
+| How do I deploy an app? | [Developer Guide - Deploying Your First Application](docs/DEVELOPER-GUIDE.md#deploying-your-first-application) |
+| How do I manage secrets? | [Developer Guide - Working with Secrets](docs/DEVELOPER-GUIDE.md#working-with-secrets) |
+| App won't sync? | [Developer Guide - Troubleshooting](docs/DEVELOPER-GUIDE.md#troubleshooting) |
+| How do I bootstrap a cluster? | [Operations Runbook - Cluster Bootstrap](docs/OPERATIONS-RUNBOOK.md#cluster-bootstrap) |
+| Where are the logs? | [Operations Runbook - Monitoring & Alerting](docs/OPERATIONS-RUNBOOK.md#monitoring--alerting) |
+
+---
+
+## 🤝 Contributing
+
+### Adding a New Application
+1. Read [Developer Guide - Deploying Your First Application](docs/DEVELOPER-GUIDE.md#deploying-your-first-application)
+2. Create ArgoCD Application manifest in `apps/`
+3. Create Helm values in `helm-prod-values/`
+4. Create sealed secrets if needed
+5. Commit and push - ArgoCD handles the rest!
+
+### Modifying Infrastructure
+1. Read [Operations Runbook](docs/OPERATIONS-RUNBOOK.md)
+2. Update relevant files in `infra/` or `cluster-resources/`
+3. Test changes in isolated namespace if possible
+4. Commit and push
+5. Monitor sync status in Slack/ArgoCD UI
+
+### Updating Documentation
+Documentation lives in `docs/`. To update:
+1. Edit relevant markdown file
+2. Update "Last Updated" date
+3. Submit PR or push directly
+4. Notify team of significant changes
+
+---
+
+## 📝 Notes
+
+### Current Environment
+- **Provider**: Multi-cloud (UpCloud, AWS EKS, Azure AKS, GCP GKE)
+- **Active clusters**: UpCloud (upc-dev, upc-prod)
+- **Environment**: Production (internal use only)
+- **Auth**: Disabled for ArgoCD (internal access)
+- **Backup**: Gitea daily backup to S3-compatible storage
+
+### Known Limitations
+- Secret rotation not automated
+- DNS management is manual
+
+**Future improvements**: See [Operations Runbook - Disaster Recovery](docs/OPERATIONS-RUNBOOK.md#disaster-recovery)
+
+---
+
+## 📚 Additional Resources
+
+### External Documentation
+- [ArgoCD Documentation](https://argo-cd.readthedocs.io/)
+- [Kyverno Documentation](https://kyverno.io/docs/)
+- [Traefik Documentation](https://doc.traefik.io/traefik/)
+- [Cert-Manager Documentation](https://cert-manager.io/docs/)
+- [Grafana Tempo Documentation](https://grafana.com/docs/tempo/)
+- [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)
+
+### Related Repositories
+- [forte-helm](https://git.forteapps.net/Forte/forte-helm) - Helm chart templates
+- [helm-prod-values](git@github.com:fortedigital/helm-prod-values.git) - Application values
+
+---
+
+## 📄 License
+
+Internal use only. Not for public distribution.
+
+---
+
+## 👥 Maintainers
+
+**Platform Team**
+- Contact: #platform-support on Slack
+- Issues: Create issue in repository or contact team directly
+
+---
+
+**Last Updated**: 2026-04-22
+**Documentation Version**: 1.0.0
+
+**🚀 Ready to get started? Check out the [Documentation Index](docs/README.md)!**
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infrastructure-apps
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: infrastructure-apps
+    app.kubernetes.io/part-of: platform
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/aks-dev
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infrastructure-apps
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: infrastructure-apps
+    app.kubernetes.io/part-of: platform
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/aks-prod
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infrastructure-apps
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: infrastructure-apps
+    app.kubernetes.io/part-of: platform
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/eks-dev
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infrastructure-apps
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: infrastructure-apps
+    app.kubernetes.io/part-of: platform
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/eks-prod
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infrastructure-apps
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: infrastructure-apps
+    app.kubernetes.io/part-of: platform
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/gke-dev
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infrastructure-apps
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: infrastructure-apps
+    app.kubernetes.io/part-of: platform
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/gke-prod
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infrastructure-apps
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: infrastructure-apps
+    app.kubernetes.io/part-of: platform
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/upc-dev
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: infrastructure-apps
+  namespace: argocd
+  labels:
+    app.kubernetes.io/name: infrastructure-apps
+    app.kubernetes.io/part-of: platform
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    path: infra/overlays/upc-prod
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd-mcp
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
+    notifications.argoproj.io/subscribe.on-degraded.slack: ""
+  labels:
+    app.kubernetes.io/name: argocd-mcp
+    app.kubernetes.io/part-of: apps
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
+    path: forteapp
+    targetRevision: HEAD
+    helm:
+      valueFiles:
+      - $values/argocd-mcp/values.yaml
+
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
+    targetRevision: HEAD
+    ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd-mcp
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,15 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: argocd-mcp-credentials
+  namespace: argocd-mcp
+spec:
+  encryptedData:
+    ARGOCD_API_TOKEN: AgCgJkgdm3jJhMZcQviLXHU0T9MVWRw+OaVLS965PpIFSu6HkBwvVuOx0uUKzEtss3y5XjoGzgqrOrkVJqdb7Amiyj88ZIhLImdZzP/FXhH9N4U1jQ+ayPI02EmjhYuuJeNSvbF+K0IwS8nj/5POaCN9CNj5f/px8EmYhZalcFO7szBbpVNiwyGObMIv7DgtjrfROIVWZ1MD2oEjQ7jiqzvi2ynBJtiF7wyX0ZzE6aIYg/eyvZ3dkW0tRrWjFLtaucFoPVto848UeRHsNfQJnuFHGRI4mrnanBI9YsppPqWuHic9fvyLg9fMz9ZTHaPTS5EMbU+e9eshkQqAPLmawjiy2zW8X9MytjTECPVALko8ejj0MTwmTS15as4tXn7FqAxsH5hCHISVHdqQnEhvw9IdUSXFooipgWaQmz4k+zR3TlMU9III3G0PYiFVyjWy2/mfO4Vsg4RoD8i+RVqQINK9EN6OCr3frqMumhMlJLpTX6+8749Qa/5b6aRzvt5ACDixeHXzeJTzbYJrfGNwTrjL5SZvILgzE24g9YocE5/aLp1X4Qyb99qSODkA51uiVKKLJx9K+R1SnHDduxWuh+9tzJXgbWu2PACaMb5qLkpzA6Dx2kF28lIBAYz/yYR1kY2wvpqh7SO2rXSUROCB7RDRLCCk8V40J74/o4HiDzj9DJEmRzJKWerkPlzOxoe32XDvtY3rmZ1t+orXPRuRJ8PDrmhD4Z0+iBDQrxkv3UDvF7ES7NbtCiXQRN1m3v03q9rP4AsB/s0p8Byq94SoUasisDk5mCf1TAdvkgK4C9D4BcqCfVYRFNGk5AgbuIb1Fsz506TWFImEiJp2R+z18KIJ2Uhdz4NfkUhToe8odr1mP6vxzjzv+6Et5+v9CVYZPkoO7JBDwCVRie+H8qroAzG8OvAq9iuptwDFeZuQ9RLbDGtneqMjWj0a3pkdhRddr6uaKus/oBJo2E98afMY1WWRh/19fstkQ0NYeTrJahTNrKtxnHziTO89MVQZ5G7eDEKnQPYELnor6mMZ9CqSqUIT3w==
+    ARGOCD_BASE_URL: AgA6OxPRQoyPHYpTQoO/vM4xkl0heMdPvIZ6xBxS9+yt9zbqhBCoupixyuP4nxbkwB522GVnC/qG2nNN5kzzWck99nlf0UVJ0uac5x5GtkbZ5s1Rc2u1aE42hMdmqS7MIqp0OR96nY2aWwPPIh2OLIECEf1axLZ6uN1bMEAUN36s05JQUlKMikFfcv1iIqxiVj7U2oz5jNXUGknnXnDp4V7Y68yyXpjzqp8Gm0dCugc4ZLuK3v3IUsKTJ/A+keMbeDC+VGTYmoNJevVhuZaPgcwRDU1v7bIYSjVgvYenOEvdWM3IZs5x4USLWPr9K8a7efSCYRJBZD0/45Au87bIcASXtZzN1ifmaWnI69uqqCLj2dsO1O2RTf0ivzpzRLPJkX1D7yqOnPCyQEAGryFSdyl9w8by6Z801dsJkSf/NM3aymqxu0xhNZ+r1tSSdlt6RKEjFJfrsGD/UmBW6EpfMAw6N34FUc3qpgB7TGW7cK5UbxtQEJbdxhOpySdSnMCfupgIu9x/mQa5tfbHMAc8QTj9lXMuipNrO7n5gIxOG6ra+uM7gaDW/xdksDGNmekTO+C9inqQj/LRXL/MEXdy+LaPRquzE0+YRLjCvRFjv0glK+vR2scd7+bd90Pnv5qJwOPod6PXCREGviiBJvSt62mTxnnritHun77lXwpScFYHhA8Loey5/blUSXnOkScLHGzhUibX6AIRw/nBw3IwfgHHrfVz4xBrrzBCs1eJxQfrELsmondd61MeCz94ERY=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: argocd-mcp-credentials
+      namespace: argocd-mcp
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: auth-oidc
+  namespace: argocd-mcp
+spec:
+  encryptedData:
+    client-secret: AgBHbqXV1iuVNc1txIt2VWm+Enm2j7W2Z1WptWvRyLZrEhjJlY9pPxJuDuEIGeMbYsVlp+I79Wl897EYPpzZTo7U/h+JQKtPe78rS9trGN6Y+jE5ID/H+SYqZrWDXkYGWjan2+5OTpuH4Cef7G6faXhDW8iwhch4Ep1ZIDbiHQ2EVmQ24+Ar6/d+RDlcfXvF38oWk1Io3WrDkxzf210nIuX5ZapyDP+hP/0Tk7i75wlJX/HYh664rBo+Plxy2HQweRvmUb9y4/jv6VJtlY7tmud7GF9QRg9tGUV8Aor9qyhZjH6CUx7AATelkcaWFko5h185d/q8AYxDbdguSbvVor5hcfG14YCqi51gDNK23jsGdMYiLkSp1Pgr2hgrWL7T5c2LLd2BMXqG1UXIkhwTukK7oPHiZV9sIbvX//duIQWQHRT795eHO2F1YJXiGeDY7icvqpNhpjVxhb4FRTj5PjOKtjfMWd1BGus7Y0THw91kKaM0i/cmKOwNpNHEqsGMcqL9blRykTQWPNL40/Efvk8QxL6D14394F5FLHHg2rzvgASdroqnIq86UrlR3xmXPHpMpUu1zQwfL4eU31Fvy8FsrjPGNhHZPXvdBzi2U6HvFe+/SFrQm3EhGV3JA7tBTLx2jByzLzZLOuPZ0ndrQwccmuSLOkjSVE+WOwZJQ9X6rGa/dyxe/jTvnx6rZ7C/PutrP6BSqtD8By60vF9/bS76mGTQAMEtnsNfaBTiRiU+W0oAfb43VpZn
+    cookie-secret: AgA3NHKTzIdz9PgWDLhyZRt8c1SP7oE0cdlyLUjKVBpeozz0YuiPus54w7IdWQcDhtE5KhV3ndjqiu4FIQIGDRil5Am863zCT0qCx71sldql6bhZbUWnYEnUvF2UpayQTajB6+zcEo9IbHta8146Ien3yCuYpfZ0m0RoIVrYCnJFijOurfRieHkQ6nhmjxkFYOha9xStJFoGxKNetdv6uw52+iTMmSOjYtmtwA77uhU4SovrZ2Rs6xp3ySX7bdho0sfu+H/Gyl7/olLBAedVcCBKpZ06efY/SIlP3TGYH4GWN+dxapuCtg+zgTNFOXyWnHdTaeEHrPfVWZnlcy7WOFs8vh1tUsvsmYiR3Pq1OeGPdrayXexM92sKMcqGuX5F6yRv7lE2ikK/rGpNt1NyGOizyrYSWhaRICNtMeFRljEfCgjwsrfzJ28cBsBbAwUg3VTfJLxGOsYZ1oiiO//BO2C4pQtw72fEwpyPkYlSXUgOgnnYZmCvpuc/joHMRyrHIZbkYQ24jDD3a75f+6JP6zXDKYpSsq5g3Sdjhp/SbY30Lr9yMpNq9Lmv7FWj/KCRIBQ38smZTBWkdytvfFqpXyLFrVM/itM6GSgOA0nJnicNn+0p99YFjQzqgXxPdBkAk3Xg7iOX2e4PGPH2a3GkSIzlnhgGi9tuitx4fvQRQZyaFAZcWbCDcFoc9YuRoMbkbC6LAMQyrFj3Rrolp7UjL17IXP8dJEcwwXr2Oz3taTiuTBuMERo1zDzcFcozBarDmRQvcJqcnEtsxxcrne2AjfYf
+  template:
+    metadata:
+      creationTimestamp: null
+      name: auth-oidc
+      namespace: argocd-mcp
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- argo-mcp.yaml
+- argocdmcp-auth-oidc-sealed.yaml
+- argocd-mcp-credentials.yaml
@@ -0,0 +1,18 @@
+# SealedSecret created after namespace (sync-wave: 0)
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: dot-ai-secrets
+  namespace: dot-ai
+spec:
+  encryptedData:
+    anthropic-api-key: AgASIRVNs7kIvZ/XwFJ4j9TJ05TW4YlFNzi2lx+6URlvzjTkMignK+y4/HD3wTK37BkIonnOXf/DGJcMgqgxOrHBVu9tLkSamve5qgf+SOZ8jxaqpLX2e5hdmHrgMp7rVWKiOoxM+bvu8Gdve3eMwXX8Eazj7W7vi430LsvW4BmPrQp+A9SOP+hwMlV5r+P5pUogC3hddt5KoSwpgnpOb8fRGlLDpc548eDNBJrhsAZiiFqc8+CycHX6idxWzlWOTPR05LBs7YrTIP/LUXWdyq6UG8yB5D0c9JNndnGo6kSfJxdaxCNO7GhMAOmo4CitzYn/zhICwuHPLKwUYQBcEHVpFxgub0U9fY7s4i0SAH9aF1kk8yqHWaCicHzi6B3AxMZYr+knS5vVNB+uGZmSKgZ7QNE1bF6E4Gg5bXRwk7OVQhuJSBzxVNDoXoJ6stL8ejU+MP5FtI792FxZbNDImu3kqor/t9wB49ZeB9Ngks2yvtlSrQ3G2lxJaOgNBPmKYhAX95JFI3xUSHOMa18ftn+aXmEQTXOHtM/IT8A95gUvIKz8Hrt03CwgZ8E+3lcsjAVsfNjqn/erqV+xi93OYOL6o9ivmTIem3MzsqjKuQ57HKaghnd+Ygdt/WfotRBSgZtCweOkZBV0XKxI1RmCQXk6dce8x4T7FDEeaSQwkc4yZ77LfQJnyVgU1rds9Hqv0RbymHK8JCQEMMb6PcK+Ow068fdj4NP27HkuYMB5JdPp682KIRwGznN2d3+QPXRd/ZHshnixudY7CLirlZl9xD0HssfSBI+uCrFEAln8D93UYbn7trF5gkKWYQsQ07CVZ5Z1qXieqwJWjHRY+oY=
+    auth-token: AgB65rUY3yJuTTLbGyrCtJPZp8UyEOr+kznSMGvUaZ9PoHq+kIEhazRdVKHa/WGvMWuc4x+XYRuIGj+2KiooyilUPrLcE3bz9fUOAFbRw3+iUh3WAgwK+f3eBUG6/0OoFw+GJ583IRidDW1t2BchMxSM1m+3vmQoF24qj7k9j/lWPsnX2IX3DhM0SomD1xmG+LsQMo2e4vQXB0BxhVDIQ621JTrvUPYzYx0NlPqZO/MtR1JWYS7WBTvegvgeBKLxfy9KLnqsuzu7rc2t9BYt7TRqvBg/prrKPdSV6Ei4GOZq+AcG15iOKXhsj8SxejPpM0QDemFTRQkdfz+k8ms4/SM0eylr5fEaa99TMTvjYGCfjJJyRcVm5Ef/XdmXiM3OI1u+9QNPiqXh1zmtp0yQMZ7nRE70kKQ2MHVhEmSUkBjovybIzLk4OL1v0FGDDqa1BN9KmNEBlo8H7DqXzfamVoNPyuuO625B3HgSeR3Udq8hngy9W/wiolmMNSc9C6vBA0HzE7Mkq79fHh/ruTi5zOJLfyEP7KQQqlNKfEtDFQfabaV9ERthQjuUs8ZIrdfCTOyQkrmmGY/sH5yodLRSYSEpHFrhPepwHS7lGzbVucW3Fn34D4OxJXyXQQObZKybLV7g6Oglf2Pdn11CEu/4+19RlykuOlm1dlj852a5NWWmmX319laLGlEd1BpG4cZyc9UZud68dGumwzrUupUMTLlJx8bR5rLgqaMpQMluwvq8MQbBXm4ySOcQ2jQhjw==
+    openai-api-key: AgBc4cSrd0riSxKPrp7AqrNYMDAZJTe3aCjTOwEb5pS/KARkgoEGz+0ZhLXa2bcCsPlQzqRzZ1c1cUCnBACkp1xoMfhSOoIJUWJQHRgZx5kEDhNIE/M8PQe8es7jYsW7/ui6iK8uj3Ljk21r8l/ctnP/KiKyML4553el28Ya7XsPQynRvpVexFC4BoJw50nkauLnvl3in0cKmEVAkMWorUP3Etapaj4DWkCQQ22RPN0xGNo9yiIUEAVE+uTRFNKGEHMIvJzgB291FJQtG/WoN/Sy/DeoZkUYndA7CbfFgiz9sq3GqJwyqTM+Ikzw6VCQ3TVWYO/6+yaEzT1NZ/rw00YhDyFoH+yGTkX5lrSUo8lGf3T9OODTdSS1203xtj4dhGbY70sPGMxDfucnO6piVcuRfh9bWg1VX+MTjqpBQE1J0DKJanhoh6lKbPOJhRbi0TIoCz1a3btbbKLDq2YJl7FXA3QNdBsR4qVJ3xmgWlH/eTUskCE2YxDzHmkxgZN2mL22SfeUJYtDRswRG0UGc6pvg2xrR0iEDB0UbH4FQK46fWv8aiOejteLlAAyA9HNA8yi73rTEjq55wpO19/MYj+6oUGEHpFaJje77INTHAKpdbfkp8iKotNXFYLM2hsjyau+x/AFjg87kEdIUVVHHLVMDhOq6NO+foM0nFOIv4lr2Yjl15+ImMSTEfcBr+nWaomnb9G8i5ptqz9bMHbxAcHpzWUBH9SZhzrCWZNDzOm2X2K6mpXhg4WX7VJMoIJk/f+bxTTKnWBawdnpCdbdG5GYQh7usqjPuELFYRTsx+6Tqoddp4KIEyMMxO81XObiN5vEBg74ygunxrjKNg5FoOkUA79YvcGBVVU1FNRl3d8IslXFqhEOT35nxGBB0T7ZORii34tZ2E551NkIo1WbCwilD3Dlgw==
+    ui-auth-token: AgDStP4jHhMehx/SAv5x2aQrJwChnWq8WhV/LVTSuuCSSy9kFQGa3Izyl21sMhLKUgrlS030GH50lbku+IY90S+MSBfaCq0Xb8qwohfH+qJulMRgljoU8r58/3ZsaBzbGJjiNMgBCwGlvuK85t3R3662ftwikahWqLfwAahi12L0llUDNyG9UB0Os3oR2CVAt83+YB07YspCWRzwuOz9D1SgOL/g/JF2hoL43pDD65BqYKdEuLFInJZx1Ul68V/FPmJK1gmJb/Kv8pgtk0sGTzxbbTdIQ1Ugf6+8//CWEq6GsMeEZG9VwExL/KYqobnbqd02FRgSSvWybhWLjiALLQvAFtce6FR6bur0rsariyogGjYCuXYdRnhf7QnB6NopwplhFP37Qf6E4q2pJTJ6Fzv0xq+XlfzNkn9Jvebrdkk/5CThW+wPAfx8r1VIySqBsYnPO/ZQDkfQ5ocX6fmzZ1iCg+0NI24k2YwCeMZtEAGpKEtejS0BLvqrilUG6Oz9sHCGHro4Bv5B/jzUjGbye0DSDj1f6c2RcpqMiUxfPvydJIcJGhrTx8sZS3qhEWME7kwjJCZpHEzfdv0weSJbgVGBSh9e1wjZxxeJGXuZKdFzdhpNEWP4uScGW0UnRDwxZzHMsLjS/W30mQmwmgJVTKdPl6VQrvdq7m4AC6+/d7iXlHazieC1KpBme4hWzO+/h7qRw1P5Va/ZWZtnGs8476J8hIojRtOJ/CdWwVLUa0gHo4CYnempIMwCIS3GtA==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: dot-ai-secrets
+      namespace: dot-ai
@@ -0,0 +1,70 @@
+---
+# Namespace must be created first (sync-wave: -1)
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: dot-ai
+  annotations:
+    argocd.argoproj.io/sync-wave: "-1"
+---
+# ArgoCD Application syncs last (sync-wave: 1)
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dot-ai-stack
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
+    notifications.argoproj.io/subscribe.on-degraded.slack: ""
+  labels:
+    app.kubernetes.io/name: dot-ai-stack
+    app.kubernetes.io/part-of: apps
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+  - repoURL: ghcr.io/vfarcic/dot-ai-stack/charts
+    chart: dot-ai-stack
+    targetRevision: "0.56.0"
+    helm:
+      releaseName: dot-ai-stack
+      valueFiles:
+      - $values/infra/values/base/dot-ai-stack-values.yaml
+      - $values/infra/values/upc-dev/dot-ai-stack-values.yaml
+
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
+    targetRevision: HEAD
+    ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: dot-ai
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+
+    syncOptions:
+    - Validate=true
+    - ServerSideApply=true
+    - Replace=false
+
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  ignoreDifferences:
+  - group: apps
+    kind: StatefulSet
+    jsonPointers:
+    - /spec/volumeClaimTemplates
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- dot-ai-stack.yaml
+- dot-ai-secrets.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- dot-ai-stack
+- mcp10x
+- musicman
+- ts-mcp
+- argo-mcp
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: app-credentials
+  namespace: mcp10x
+spec:
+  encryptedData:
+    FLOWCASE_TOKEN: AgAjQ0Jm779LiB2/EBKtIl18Iky/tgl7VvEvkJfr82mbe7JIp99+I8WPIMgmlXsxWBDfwJ/DZoDEAKG5o8mvwc7DtaE7LkpPSXKRIviLrm+7amNdEpwb1zKjCmZ3vNOPXLnCTD3W1od8u106MEvrZpt1N1Pzav/QUElAA4lqyf4AZPuio0H/7jF8QciVHIN4BdofodOmWWCTxP1aVMylat3txlkzuqwkXc1fKBPmOKC1qWepAG7dlQ3xJ2C5Cinz5IqOYnQPO6sm/Gp+c8yQSS+0NpKO3dp93yuwRsOLOMNpCeeYOyzn2ypFIdiBuLA5k85l5WyI9BCvRjP+kzRX+u69XL7p2eMEg+vRVfoOWNetysYCdK+96bWNVVleQEuPAFxsbJWK5eV8jTZk+QeFES8kkXQwUoTMqh+JULgONakxrzc1LmA+FtKNwHWCHalh8pLQ9KeI2i9E5CtotjHfEGLE6T0ibwwOg1ZrL3irQVII8VFm4Rk+dSicbeEMAtIaII023NWuZlonrwIIy+GSVzskhhcjV7t51hylqFA3yfb+RQCzdGYA5fySlJBWhli8IotvqnDmWduPBHGb/+yrdXHsaiDqWuUu6JBUg4JqM+AMa8FkaFh8SbctbGBoycpzLVFn9N2qWviojhC9s1NJ4MiCegvE6IsCLaHidY4UXeeGjUK6Mx6h4x3y/q7ZIrBIpUOJ+8I4Mgvi9sTCogeR+vWtpP9ZZ/31MXELuu/ho3Wn9Q==
+  template:
+    metadata:
+      creationTimestamp: null
+      name: app-credentials
+      namespace: mcp10x
+    type: Opaque
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- mcp10x.yaml
+- forte10x-app-credentials-sealed.yaml
@@ -0,0 +1,39 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: mcp10x
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
+    notifications.argoproj.io/subscribe.on-degraded.slack: ""
+  labels:
+    app.kubernetes.io/name: mcp10x
+    app.kubernetes.io/part-of: apps
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
+    path: forteapp
+    targetRevision: HEAD
+    helm:
+      valueFiles:
+      - $values/mcp10x/values.yaml
+
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
+    targetRevision: HEAD
+    ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: mcp10x
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- musicman.yaml
+- musicman-credentials.yaml
@@ -0,0 +1,19 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: musicman-credentials
+  namespace: music-man
+  annotations:
+    argocd.argoproj.io/sync-wave: "12"
+spec:
+  encryptedData:
+    DATABASE_URL: AgBGLu8Rw9z9WMo3uX7fezN7tOVlEsmWtikFlyBxuSuQ1dCv6KTCePkwxJx4LuKvaHXlwdWl5yP8wQxMJP0BNJ1wewFb9zeUkP1YuCz4MrfuXq1zrecIr86R5hNbPiOb66e/4oOTCY/z3QREX9WjZdLJV/PCyBz8MP0D51pgWXpM6CBdhwpFbHSALyJk89+q44c9KkRxAUG2OLnesMeRe9nXJt5ariUCl9Qd2POIjx2hSNII1l0KbTcjI9hCf91DYM6poqKYYQUpnrjKv3LJwWS79I2b56+iTtroH3usIRgaiwgtFt2INm+8gwLBmC4xxKJ5VAjjYB/3dcN9XeboXvj0NB05P9jS3e77imUFANIB9coeaNlcvRWxwGCewYMp8+7RT7jPVA41/+aT/zT74tq9WhkKvgrr1It9/5fRnXtFEkhZg5bBcYCChzooarHkiwKlA3Wo0CrFsDPqy89oZrnwMRnVqKWBf79koZV4l7uCA0do9ojf55lTy8mt3mKQkwfqK9UdzZNbYzH0/Fk6gxlSxANOOqe7kt6VPywYUBnh6JS5U+kdTgNeSrFy/xqLFz28fXuikSJvLEouSFu66MeT+6uvYEmdfdLeh7quW/n+p7QTok3v3kRYJ/1Dl8ZtgvM7e8F/J5bLcacj394AJ/bBt+RIDa+XBjNNPrWKcWt/mkudZ25F/84G+hNxYQv7PIbhYfA1JTuHmQSoF+xah5QhKpyNpI3+knJmJj/4MhPKLnTuebg0xfbPevm2CU9fSa4sPIqmSvSGtqlXODvCfDSFEYzWfyfXV5Tys1NGAt04V8fl9A9UxULUm510NCeD0jzFeeYm3ZJiyavA5xF6hXCHoqLE
+    JWT_SECRET: AgAJmQ+WPiuifW8jCMOkiZNYj7xb29Z4woRO2ir6bE/qX7y4LkR6SjmsS/FSJqV7apiKgdrQ0TTxSU/7JlwzBkAgzH5UgcwQmQ8imC7JDYLmHssAeZz75Ft/TwCo7ToCPLr4YBetwz39XYyTAi7wgDzKNX8vYuEEaxP5xOTniyIysMzLVGs0EJSB7398fTgQo0t7rIuBBIP072iX93YfLvvTE7rrqg6uIE4D7LJ3oqvKJlN0MnpDPbdqWvxO7lX6P45ACCveCW1G0U77HOLj4QwyORsIEEUkOqDtr1CF7EQJLEZaREvpB42WI6sQEqsORr7F/Z0d0DdCjCSjKolkb/3z9uDUGwGkuTLJvOzMWAQFtQi1pjImCo79jNoKC0h0iBWqXBQbvg5dkCLVDD4A0lq7GD3KXtjktg9hbqPqFgAyYcJ6cUYp7xx53Y6yYyUS2T9KljvqtBR3bZ7yvdLMvsZbecTOgBpTvoELWa+bsympoZYu9PWCE3YnDyYmLLiWRnKgZuA6LhrNZzxzd6ytiasXn8ZIqrec4Rsj2avtmc7NQPwSe9/MmfUG7pWL1T3D9k4vqt4lfoFTswgVIkFE2h/DQDrEhnEAsLDOSYR8LCdvyQWbiSy3d2VvDOHdogyFbhvoHEyH1+cLMR5zgGgDbTyPidUxjkq//A8l1d0twFaJ0y1rvo/RJ/KnXl1E9OdV42i1jZCsCl81qZjfGaIQ18tNB/bwbqsWZRJxxEuLIKJHX2FuKXZDfsj+E0Qsmhj6kwGpVsTkqgLO7mOCCk5d8Lft
+    POSTGRES_PASSWORD: AgAG9l5ZbBHtT9o+ysPIy9TAEwVH17xWlKIDScvCY7iVM1gKuZav6nye84DVCNccgZ8nCtu/GQay35ejttR9CLu9Du89OhkFJMGKXSyij7P1+TJP/BPD2+XIzzcMJimq8jrObzqLTPdgfrTs21nJ50GaP0qEvXgEAh+aWyspHrwMnyIJMWq8jpl2ITIEsUpvbxD9zx0yJ7rdkpjrW8Q6AA5bzL9qCmgz8M06+wR86Zu+u+6qOV2SCGDIMmTPqQdvQOU8rzVYF7Xrl4iASju9bdlhjuWSzzYJmDg7O7Xwam4JEUwpHK4zjEaPydF55Lc6t8Sf3P00VMRzBrwZxUeVWCAvzSiiQnfe6/kbG8neCJ99kJoJqULsZ9dvsGrDyz5wu1QSVBHhUseeX8IMoH3R97XJFtQ32EenMTm/SmnmXnI2LD06TB7IBhyTK2uBx2QtYRLasKa+bb0mCD8cJEtpBo9/Y5VY6ILoGH7jEH5WRO8XXLoc6z2GmfxyjOe2cu5C+PUg4cfbafevFiEXp8TbCgiV2214VZ6yMoDNM7xabSPpyo0N4oZ0obiy4Ltc0gwwDDXpEAmfiIjKQ8mu9pywU5OpWhw0bvGsuEeI5nQVWbqvziwdfrUEfBhq+X8hUtNQfrC0DNAePkQVJDbhfXyknWpo6M6upCE2EYeJrM7kJiVV7FkamQcTxYwhl+XrdV4nBwSUolQ/Jy7Jq5Y00iQnm57O49OpRkZWhwBRSWkaF5pbTIPWG/JDii7ixb60sagFTAF1g+IfPPnNjwvuqqEIEyy3
+  template:
+    metadata:
+      creationTimestamp: null
+      name: musicman-credentials
+      namespace: music-man
+    type: Opaque
@@ -0,0 +1,52 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: music-man
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "11"
+    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
+    notifications.argoproj.io/subscribe.on-degraded.slack: ""
+  labels:
+    app.kubernetes.io/name: music-man
+    app.kubernetes.io/part-of: apps
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
+    path: forteapp
+    targetRevision: HEAD
+    helm:
+      valueFiles:
+      - $values/musicman/values.yaml
+
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
+    targetRevision: HEAD
+    ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: music-man
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
+
+  ignoreDifferences:
+  - group: apps
+    kind: Deployment
+    jsonPointers:
+    - /spec/replicas
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ts-mcp.yaml
+- ts-mcp-secrets-sealed.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: ts-mcp-secrets
+  namespace: ts-mcp
+spec:
+  encryptedData:
+    AZURE_CLIENT_SECRET: AgCWj525+NHkZ8XG97hEe4RS0SDC0QIGDXmEvzSlIqJQ9XVZEeKxVuAYmJ+w/HH7zBXD3qlZISeOPKn3FbMEeRukmYK0d5PsH26tRUMPoMzwWCuQkZIQ83uX9Pz/wMiqW8aZFIxpdEiUgVdanxHSFoDRPC1VlSEtV9B9yN2MgXBID5s0oje5BM9ttc4WVRe6+9pMeaOC6u+YUgcfY7xPLetZfC9nQO4zn4jYhoQXfAddwMzNODvQNGPzIv6PXDXJweTwdmtGaxM6eDdcCJI/30bEV9prA5m6UlgTZ/Qp+onU70KdkBA9gM9tMMVUR6j/2sbWzqMP/rVaFLeUH1PjHv15n4EieWyuDyYEfmZNDFXc7O9RIK6P0jCIE+t3myxK2ZQ7cfXprdOSj94au0qP6leat0UUVoc9CFJHHtrNxXYWl7IYVhwvIQCMSgO2qoAXkdW4wKVJAcbJadJjoL2pWxzjaD4GgnUaAxWBANqZI2lD8CED4VfUVMB0ZUYRS/zvy/eqIGlT8WbzwTYFi3YDZRvAUIknxaWEavIG4x52d0FqTmFYY06W53fGYfBrUjJI54GWYyBpKdZTf7b/AlAN0+kwkk6OqsUWwWDqxR7LVCcPhjSIKd/THp+Tbq9z5TiPIHxOO9V60u51f8IoQrEgQfNov7CEGQZ8B9HUGObjNc5MhujzBJasMhrUcd2Ddk6KWk07B7223p/gIEM+81ZWQYUcc29+U/j1dQyRNZy/TC56ywe5DDBJSoGp
+  template:
+    metadata:
+      name: ts-mcp-secrets
+      namespace: ts-mcp
@@ -0,0 +1,40 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ts-mcp
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "11"
+    notifications.argoproj.io/subscribe.on-sync-succeeded.slack: ""
+    notifications.argoproj.io/subscribe.on-sync-failed.slack: ""
+    notifications.argoproj.io/subscribe.on-degraded.slack: ""
+  labels:
+    app.kubernetes.io/name: ts-mcp
+    app.kubernetes.io/part-of: apps
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
+    path: forteapp
+    targetRevision: HEAD
+    helm:
+      valueFiles:
+      - $values/ts-mcp/values.yaml
+
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
+    targetRevision: HEAD
+    ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ts-mcp
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+    - CreateNamespace=true
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base/musicman
@@ -0,0 +1,47 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dbunk-demo
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-wave: "12"
+  labels:
+    app.kubernetes.io/name: dbunk-demo
+    app.kubernetes.io/part-of: apps
+    app.kubernetes.io/managed-by: argocd
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+
+  sources:
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/forte-helm.git
+    path: forteapp
+    targetRevision: HEAD
+    helm:
+      valueFiles:
+      - $values/dbunk-demo/values.yaml
+
+  - repoURL: ssh://git@git.forteapps.net:2222/Forte/helm-prod-values.git
+    targetRevision: HEAD
+    ref: values
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: dbunk-demo
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
+    syncOptions:
+    - CreateNamespace=true
+    - Validate=true
+    - ServerSideApply=true
+    retry:
+      limit: 5
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- dbunk-demo.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base
+- dbunk-demo
+
+# No patches needed — base already has "upc-dev" paths
+# upc-dev is the default/base cluster
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../../base
+
+patches:
+# dot-ai-stack: swap upc-dev → upc-prod
+- target:
+    kind: Application
+    name: dot-ai-stack
+  patch: |
+    - op: replace
+      path: /spec/sources/0/helm/valueFiles/1
+      value: $values/infra/values/upc-prod/dot-ai-stack-values.yaml
@@ -1,18 +0,0 @@
-/*!
- * Lunr languages, `Danish` language
- * https://github.com/MihaiValentin/lunr-languages
- *
- * Copyright 2014, Mihai Valentin
- * http://www.mozilla.org/MPL/
- */
-/*!
- * based on
- * Snowball JavaScript Library v0.3
- * http://code.google.com/p/urim/
- * http://snowball.tartarus.org/
- *
- * Copyright 2010, Oleg Mazko
- * http://www.mozilla.org/MPL/
- */
-
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.da=function(){this.pipeline.reset(),this.pipeline.add(e.da.trimmer,e.da.stopWordFilter,e.da.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.da.stemmer))},e.da.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤﬀ-ﬆＡ-Ｚａ-ｚ",e.da.trimmer=e.trimmerSupport.generateTrimmer(e.da.wordCharacters),e.Pipeline.registerFunction(e.da.trimmer,"trimmer-da"),e.da.stemmer=function(){var r=e.stemmerSupport.Among,i=e.stemmerSupport.SnowballProgram,n=new function(){function e(){var e,r=f.cursor+3;if(d=f.limit,0<=r&&r<=f.limit){for(a=r;;){if(e=f.cursor,f.in_grouping(w,97,248)){f.cursor=e;break}if(f.cursor=e,e>=f.limit)return;f.cursor++}for(;!f.out_grouping(w,97,248);){if(f.cursor>=f.limit)return;f.cursor++}d=f.cursor,d<a&&(d=a)}}function n(){var e,r;if(f.cursor>=d&&(r=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,e=f.find_among_b(c,32),f.limit_backward=r,e))switch(f.bra=f.cursor,e){case 1:f.slice_del();break;case 2:f.in_grouping_b(p,97,229)&&f.slice_del()}}function t(){var e,r=f.limit-f.cursor;f.cursor>=d&&(e=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,f.find_among_b(l,4)?(f.bra=f.cursor,f.limit_backward=e,f.cursor=f.limit-r,f.cursor>f.limit_backward&&(f.cursor--,f.bra=f.cursor,f.slice_del())):f.limit_backward=e)}function s(){var e,r,i,n=f.limit-f.cursor;if(f.ket=f.cursor,f.eq_s_b(2,"st")&&(f.bra=f.cursor,f.eq_s_b(2,"ig")&&f.slice_del()),f.cursor=f.limit-n,f.cursor>=d&&(r=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,e=f.find_among_b(m,5),f.limit_backward=r,e))switch(f.bra=f.cursor,e){case 1:f.slice_del(),i=f.limit-f.cursor,t(),f.cursor=f.limit-i;break;case 2:f.slice_from("løs")}}function o(){var e;f.cursor>=d&&(e=f.limit_backward,f.limit_backward=d,f.ket=f.cursor,f.out_grouping_b(w,97,248)?(f.bra=f.cursor,u=f.slice_to(u),f.limit_backward=e,f.eq_v_b(u)&&f.slice_del()):f.limit_backward=e)}var a,d,u,c=[new r("hed",-1,1),new r("ethed",0,1),new r("ered",-1,1),new r("e",-1,1),new r("erede",3,1),new r("ende",3,1),new r("erende",5,1),new r("ene",3,1),new r("erne",3,1),new r("ere",3,1),new r("en",-1,1),new r("heden",10,1),new r("eren",10,1),new r("er",-1,1),new r("heder",13,1),new r("erer",13,1),new r("s",-1,2),new r("heds",16,1),new r("es",16,1),new r("endes",18,1),new r("erendes",19,1),new r("enes",18,1),new r("ernes",18,1),new r("eres",18,1),new r("ens",16,1),new r("hedens",24,1),new r("erens",24,1),new r("ers",16,1),new r("ets",16,1),new r("erets",28,1),new r("et",-1,1),new r("eret",30,1)],l=[new r("gd",-1,-1),new r("dt",-1,-1),new r("gt",-1,-1),new r("kt",-1,-1)],m=[new r("ig",-1,1),new r("lig",0,1),new r("elig",1,1),new r("els",-1,1),new r("løst",-1,2)],w=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],p=[239,254,42,3,0,0,0,0,0,0,0,0,0,0,0,0,16],f=new i;this.setCurrent=function(e){f.setCurrent(e)},this.getCurrent=function(){return f.getCurrent()},this.stem=function(){var r=f.cursor;return e(),f.limit_backward=r,f.cursor=f.limit,n(),f.cursor=f.limit,t(),f.cursor=f.limit,s(),f.cursor=f.limit,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return n.setCurrent(e),n.stem(),n.getCurrent()}):(n.setCurrent(e),n.stem(),n.getCurrent())}}(),e.Pipeline.registerFunction(e.da.stemmer,"stemmer-da"),e.da.stopWordFilter=e.generateStopWordFilter("ad af alle alt anden at blev blive bliver da de dem den denne der deres det dette dig din disse dog du efter eller en end er et for fra ham han hans har havde have hende hendes her hos hun hvad hvis hvor i ikke ind jeg jer jo kunne man mange med meget men mig min mine mit mod ned noget nogle nu når og også om op os over på selv sig sin sine sit skal skulle som sådan thi til ud under var vi vil ville vor være været".split(" ")),e.Pipeline.registerFunction(e.da.stopWordFilter,"stopWordFilter-da")}});
@@ -1 +0,0 @@
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hi=function(){this.pipeline.reset(),this.pipeline.add(e.hi.trimmer,e.hi.stopWordFilter,e.hi.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.hi.stemmer))},e.hi.wordCharacters="ऀ-ःऄ-एऐ-टठ-यर-िी-ॏॐ-य़ॠ-९॰-ॿa-zA-Zａ-ｚＡ-Ｚ0-9０-９",e.hi.trimmer=e.trimmerSupport.generateTrimmer(e.hi.wordCharacters),e.Pipeline.registerFunction(e.hi.trimmer,"trimmer-hi"),e.hi.stopWordFilter=e.generateStopWordFilter("अत अपना अपनी अपने अभी अंदर आदि आप इत्यादि इन इनका इन्हीं इन्हें इन्हों इस इसका इसकी इसके इसमें इसी इसे उन उनका उनकी उनके उनको उन्हीं उन्हें उन्हों उस उसके उसी उसे एक एवं एस ऐसे और कई कर करता करते करना करने करें कहते कहा का काफ़ी कि कितना किन्हें किन्हों किया किर किस किसी किसे की कुछ कुल के को कोई कौन कौनसा गया घर जब जहाँ जा जितना जिन जिन्हें जिन्हों जिस जिसे जीधर जैसा जैसे जो तक तब तरह तिन तिन्हें तिन्हों तिस तिसे तो था थी थे दबारा दिया दुसरा दूसरे दो द्वारा न नके नहीं ना निहायत नीचे ने पर पहले पूरा पे फिर बनी बही बहुत बाद बाला बिलकुल भी भीतर मगर मानो मे में यदि यह यहाँ यही या यिह ये रखें रहा रहे ऱ्वासा लिए लिये लेकिन व वग़ैरह वर्ग वह वहाँ वहीं वाले वुह वे वो सकता सकते सबसे सभी साथ साबुत साभ सारा से सो संग ही हुआ हुई हुए है हैं हो होता होती होते होना होने".split(" ")),e.hi.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.hi.tokenizer=function(i){if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var t=i.toString().toLowerCase().replace(/^\s+/,"");return r.cut(t).split("|")},e.Pipeline.registerFunction(e.hi.stemmer,"stemmer-hi"),e.Pipeline.registerFunction(e.hi.stopWordFilter,"stopWordFilter-hi")}});
@@ -1 +0,0 @@
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hy=function(){this.pipeline.reset(),this.pipeline.add(e.hy.trimmer,e.hy.stopWordFilter)},e.hy.wordCharacters="[A-Za-z԰-֏ﬀ-ﭏ]",e.hy.trimmer=e.trimmerSupport.generateTrimmer(e.hy.wordCharacters),e.Pipeline.registerFunction(e.hy.trimmer,"trimmer-hy"),e.hy.stopWordFilter=e.generateStopWordFilter("դու և եք էիր էիք հետո նաև նրանք որը վրա է որ պիտի են այս մեջ ն իր ու ի այդ որոնք այն կամ էր մի ես համար այլ իսկ էին ենք հետ ին թ էինք մենք նրա նա դուք եմ էի ըստ որպես ում".split(" ")),e.Pipeline.registerFunction(e.hy.stopWordFilter,"stopWordFilter-hy"),e.hy.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}(),e.Pipeline.registerFunction(e.hy.stemmer,"stemmer-hy")}});
@@ -1 +0,0 @@
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r="2"==e.version[0];e.ja=function(){this.pipeline.reset(),this.pipeline.add(e.ja.trimmer,e.ja.stopWordFilter,e.ja.stemmer),r?this.tokenizer=e.ja.tokenizer:(e.tokenizer&&(e.tokenizer=e.ja.tokenizer),this.tokenizerFn&&(this.tokenizerFn=e.ja.tokenizer))};var t=new e.TinySegmenter;e.ja.tokenizer=function(i){var n,o,s,p,a,u,m,l,c,f;if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(t){return r?new e.Token(t.toLowerCase()):t.toLowerCase()});for(o=i.toString().toLowerCase().replace(/^\s+/,""),n=o.length-1;n>=0;n--)if(/\S/.test(o.charAt(n))){o=o.substring(0,n+1);break}for(a=[],s=o.length,c=0,l=0;c<=s;c++)if(u=o.charAt(c),m=c-l,u.match(/\s/)||c==s){if(m>0)for(p=t.segment(o.slice(l,c)).filter(function(e){return!!e}),f=l,n=0;n<p.length;n++)r?a.push(new e.Token(p[n],{position:[f,p[n].length],index:a.length})):a.push(p[n]),f+=p[n].length;l=c+1}return a},e.ja.stemmer=function(){return function(e){return e}}(),e.Pipeline.registerFunction(e.ja.stemmer,"stemmer-ja"),e.ja.wordCharacters="一二三四五六七八九十百千万億兆一-龠々〆ヵヶぁ-んァ-ヴーｱ-ﾝﾞa-zA-Zａ-ｚＡ-Ｚ0-9０-９",e.ja.trimmer=e.trimmerSupport.generateTrimmer(e.ja.wordCharacters),e.Pipeline.registerFunction(e.ja.trimmer,"trimmer-ja"),e.ja.stopWordFilter=e.generateStopWordFilter("これ それ あれ この その あの ここ そこ あそこ こちら どこ だれ なに なん 何 私 貴方 貴方方 我々 私達 あの人 あのかた 彼女 彼 です あります おります います は が の に を で え から まで より も どの と し それで しかし".split(" ")),e.Pipeline.registerFunction(e.ja.stopWordFilter,"stopWordFilter-ja"),e.jp=e.ja,e.Pipeline.registerFunction(e.jp.stemmer,"stemmer-jp"),e.Pipeline.registerFunction(e.jp.trimmer,"trimmer-jp"),e.Pipeline.registerFunction(e.jp.stopWordFilter,"stopWordFilter-jp")}});
@@ -1 +0,0 @@
-module.exports=require("./lunr.ja");
@@ -1 +0,0 @@
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.kn=function(){this.pipeline.reset(),this.pipeline.add(e.kn.trimmer,e.kn.stopWordFilter,e.kn.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.kn.stemmer))},e.kn.wordCharacters="ಀ-಄ಅ-ಔಕ-ಹಾ-ೌ಼-ಽೕ-ೖೝ-ೞೠ-ೡೢ-ೣ೤೥೦-೯ೱ-ೳ",e.kn.trimmer=e.trimmerSupport.generateTrimmer(e.kn.wordCharacters),e.Pipeline.registerFunction(e.kn.trimmer,"trimmer-kn"),e.kn.stopWordFilter=e.generateStopWordFilter("ಮತ್ತು ಈ ಒಂದು ರಲ್ಲಿ ಹಾಗೂ ಎಂದು ಅಥವಾ ಇದು ರ ಅವರು ಎಂಬ ಮೇಲೆ ಅವರ ತನ್ನ ಆದರೆ ತಮ್ಮ ನಂತರ ಮೂಲಕ ಹೆಚ್ಚು ನ ಆ ಕೆಲವು ಅನೇಕ ಎರಡು ಹಾಗು ಪ್ರಮುಖ ಇದನ್ನು ಇದರ ಸುಮಾರು ಅದರ ಅದು ಮೊದಲ ಬಗ್ಗೆ ನಲ್ಲಿ ರಂದು ಇತರ ಅತ್ಯಂತ ಹೆಚ್ಚಿನ ಸಹ ಸಾಮಾನ್ಯವಾಗಿ ನೇ ಹಲವಾರು ಹೊಸ ದಿ ಕಡಿಮೆ ಯಾವುದೇ ಹೊಂದಿದೆ ದೊಡ್ಡ ಅನ್ನು ಇವರು ಪ್ರಕಾರ ಇದೆ ಮಾತ್ರ ಕೂಡ ಇಲ್ಲಿ ಎಲ್ಲಾ ವಿವಿಧ ಅದನ್ನು ಹಲವು ರಿಂದ ಕೇವಲ ದ ದಕ್ಷಿಣ ಗೆ ಅವನ ಅತಿ ನೆಯ ಬಹಳ ಕೆಲಸ ಎಲ್ಲ ಪ್ರತಿ ಇತ್ಯಾದಿ ಇವು ಬೇರೆ ಹೀಗೆ ನಡುವೆ ಇದಕ್ಕೆ ಎಸ್ ಇವರ ಮೊದಲು ಶ್ರೀ ಮಾಡುವ ಇದರಲ್ಲಿ ರೀತಿಯ ಮಾಡಿದ ಕಾಲ ಅಲ್ಲಿ ಮಾಡಲು ಅದೇ ಈಗ ಅವು ಗಳು ಎ ಎಂಬುದು ಅವನು ಅಂದರೆ ಅವರಿಗೆ ಇರುವ ವಿಶೇಷ ಮುಂದೆ ಅವುಗಳ ಮುಂತಾದ ಮೂಲ ಬಿ ಮೀ ಒಂದೇ ಇನ್ನೂ ಹೆಚ್ಚಾಗಿ ಮಾಡಿ ಅವರನ್ನು ಇದೇ ಯ ರೀತಿಯಲ್ಲಿ ಜೊತೆ ಅದರಲ್ಲಿ ಮಾಡಿದರು ನಡೆದ ಆಗ ಮತ್ತೆ ಪೂರ್ವ ಆತ ಬಂದ ಯಾವ ಒಟ್ಟು ಇತರೆ ಹಿಂದೆ ಪ್ರಮಾಣದ ಗಳನ್ನು ಕುರಿತು ಯು ಆದ್ದರಿಂದ ಅಲ್ಲದೆ ನಗರದ ಮೇಲಿನ ಏಕೆಂದರೆ ರಷ್ಟು ಎಂಬುದನ್ನು ಬಾರಿ ಎಂದರೆ ಹಿಂದಿನ ಆದರೂ ಆದ ಸಂಬಂಧಿಸಿದ ಮತ್ತೊಂದು ಸಿ ಆತನ ".split(" ")),e.kn.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.kn.tokenizer=function(t){if(!arguments.length||null==t||void 0==t)return[];if(Array.isArray(t))return t.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var n=t.toString().toLowerCase().replace(/^\s+/,"");return r.cut(n).split("|")},e.Pipeline.registerFunction(e.kn.stemmer,"stemmer-kn"),e.Pipeline.registerFunction(e.kn.stopWordFilter,"stopWordFilter-kn")}});
@@ -1 +0,0 @@
-!function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){e.multiLanguage=function(){for(var t=Array.prototype.slice.call(arguments),i=t.join("-"),r="",n=[],s=[],p=0;p<t.length;++p)"en"==t[p]?(r+="\\w",n.unshift(e.stopWordFilter),n.push(e.stemmer),s.push(e.stemmer)):(r+=e[t[p]].wordCharacters,e[t[p]].stopWordFilter&&n.unshift(e[t[p]].stopWordFilter),e[t[p]].stemmer&&(n.push(e[t[p]].stemmer),s.push(e[t[p]].stemmer)));var o=e.trimmerSupport.generateTrimmer(r);return e.Pipeline.registerFunction(o,"lunr-multi-trimmer-"+i),n.unshift(o),function(){this.pipeline.reset(),this.pipeline.add.apply(this.pipeline,n),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add.apply(this.searchPipeline,s))}}}});
@@ -1,18 +0,0 @@
-/*!
- * Lunr languages, `Norwegian` language
- * https://github.com/MihaiValentin/lunr-languages
- *
- * Copyright 2014, Mihai Valentin
- * http://www.mozilla.org/MPL/
- */
-/*!
- * based on
- * Snowball JavaScript Library v0.3
- * http://code.google.com/p/urim/
- * http://snowball.tartarus.org/
- *
- * Copyright 2010, Oleg Mazko
- * http://www.mozilla.org/MPL/
- */
-
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.no=function(){this.pipeline.reset(),this.pipeline.add(e.no.trimmer,e.no.stopWordFilter,e.no.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.no.stemmer))},e.no.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤﬀ-ﬆＡ-Ｚａ-ｚ",e.no.trimmer=e.trimmerSupport.generateTrimmer(e.no.wordCharacters),e.Pipeline.registerFunction(e.no.trimmer,"trimmer-no"),e.no.stemmer=function(){var r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,i=new function(){function e(){var e,r=w.cursor+3;if(a=w.limit,0<=r||r<=w.limit){for(s=r;;){if(e=w.cursor,w.in_grouping(d,97,248)){w.cursor=e;break}if(e>=w.limit)return;w.cursor=e+1}for(;!w.out_grouping(d,97,248);){if(w.cursor>=w.limit)return;w.cursor++}a=w.cursor,a<s&&(a=s)}}function i(){var e,r,n;if(w.cursor>=a&&(r=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,e=w.find_among_b(m,29),w.limit_backward=r,e))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:n=w.limit-w.cursor,w.in_grouping_b(c,98,122)?w.slice_del():(w.cursor=w.limit-n,w.eq_s_b(1,"k")&&w.out_grouping_b(d,97,248)&&w.slice_del());break;case 3:w.slice_from("er")}}function t(){var e,r=w.limit-w.cursor;w.cursor>=a&&(e=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,w.find_among_b(u,2)?(w.bra=w.cursor,w.limit_backward=e,w.cursor=w.limit-r,w.cursor>w.limit_backward&&(w.cursor--,w.bra=w.cursor,w.slice_del())):w.limit_backward=e)}function o(){var e,r;w.cursor>=a&&(r=w.limit_backward,w.limit_backward=a,w.ket=w.cursor,e=w.find_among_b(l,11),e?(w.bra=w.cursor,w.limit_backward=r,1==e&&w.slice_del()):w.limit_backward=r)}var s,a,m=[new r("a",-1,1),new r("e",-1,1),new r("ede",1,1),new r("ande",1,1),new r("ende",1,1),new r("ane",1,1),new r("ene",1,1),new r("hetene",6,1),new r("erte",1,3),new r("en",-1,1),new r("heten",9,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",12,1),new r("s",-1,2),new r("as",14,1),new r("es",14,1),new r("edes",16,1),new r("endes",16,1),new r("enes",16,1),new r("hetenes",19,1),new r("ens",14,1),new r("hetens",21,1),new r("ers",14,1),new r("ets",14,1),new r("et",-1,1),new r("het",25,1),new r("ert",-1,3),new r("ast",-1,1)],u=[new r("dt",-1,-1),new r("vt",-1,-1)],l=[new r("leg",-1,1),new r("eleg",0,1),new r("ig",-1,1),new r("eig",2,1),new r("lig",2,1),new r("elig",4,1),new r("els",-1,1),new r("lov",-1,1),new r("elov",7,1),new r("slov",7,1),new r("hetslov",9,1)],d=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,48,0,128],c=[119,125,149,1],w=new n;this.setCurrent=function(e){w.setCurrent(e)},this.getCurrent=function(){return w.getCurrent()},this.stem=function(){var r=w.cursor;return e(),w.limit_backward=r,w.cursor=w.limit,i(),w.cursor=w.limit,t(),w.cursor=w.limit,o(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return i.setCurrent(e),i.stem(),i.getCurrent()}):(i.setCurrent(e),i.stem(),i.getCurrent())}}(),e.Pipeline.registerFunction(e.no.stemmer,"stemmer-no"),e.no.stopWordFilter=e.generateStopWordFilter("alle at av bare begge ble blei bli blir blitt både båe da de deg dei deim deira deires dem den denne der dere deres det dette di din disse ditt du dykk dykkar då eg ein eit eitt eller elles en enn er et ett etter for fordi fra før ha hadde han hans har hennar henne hennes her hjå ho hoe honom hoss hossen hun hva hvem hver hvilke hvilken hvis hvor hvordan hvorfor i ikke ikkje ikkje ingen ingi inkje inn inni ja jeg kan kom korleis korso kun kunne kva kvar kvarhelst kven kvi kvifor man mange me med medan meg meget mellom men mi min mine mitt mot mykje ned no noe noen noka noko nokon nokor nokre nå når og også om opp oss over på samme seg selv si si sia sidan siden sin sine sitt sjøl skal skulle slik so som som somme somt så sånn til um upp ut uten var vart varte ved vere verte vi vil ville vore vors vort vår være være vært å".split(" ")),e.Pipeline.registerFunction(e.no.stopWordFilter,"stopWordFilter-no")}});
@@ -1 +0,0 @@
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.sa=function(){this.pipeline.reset(),this.pipeline.add(e.sa.trimmer,e.sa.stopWordFilter,e.sa.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.sa.stemmer))},e.sa.wordCharacters="ऀ-ःऄ-एऐ-टठ-यर-िी-ॏॐ-य़ॠ-९॰-ॿ꣠-꣱ꣲ-ꣷ꣸-ꣻ꣼-ꣽꣾ-ꣿᆰ0-ᆰ9",e.sa.trimmer=e.trimmerSupport.generateTrimmer(e.sa.wordCharacters),e.Pipeline.registerFunction(e.sa.trimmer,"trimmer-sa"),e.sa.stopWordFilter=e.generateStopWordFilter('तथा अयम्‌ एकम्‌ इत्यस्मिन्‌ तथा तत्‌ वा अयम्‌ इत्यस्य ते आहूत उपरि तेषाम्‌  किन्तु तेषाम्‌ तदा इत्यनेन अधिकः इत्यस्य तत्‌ केचन बहवः द्वि तथा महत्वपूर्णः अयम्‌ अस्य  विषये अयं अस्ति तत्‌ प्रथमः विषये इत्युपरि इत्युपरि इतर अधिकतमः अधिकः अपि सामान्यतया ठ इतरेतर नूतनम्‌ द  न्यूनम्‌ कश्चित्‌ वा विशालः द  सः अस्ति तदनुसारम् तत्र अस्ति केवलम्‌ अपि अत्र सर्वे विविधाः तत्‌ बहवः यतः इदानीम्‌ द  दक्षिण इत्यस्मै तस्य उपरि नथ अतीव कार्यम्‌ सर्वे एकैकम्‌ इत्यादि। एते सन्ति  उत इत्थम्‌ मध्ये एतदर्थं . स कस्य प्रथमः श्री. करोति अस्मिन् प्रकारः निर्मिता कालः तत्र कर्तुं  समान अधुना ते सन्ति स एकः अस्ति सः अर्थात् तेषां कृते . स्थितम्  विशेषः अग्रिम तेषाम्‌ समान स्रोतः ख म समान इदानीमपि अधिकतया करोतु ते समान इत्यस्य वीथी सह यस्मिन्  कृतवान्‌ धृतः तदा पुनः पूर्वं सः आगतः किम्‌ कुल इतर पुरा  मात्रा स विषये उ अतएव अपि नगरस्य  उपरि यतः प्रतिशतं  कतरः कालः साधनानि भूत तथापि जात सम्बन्धि अन्यत्‌ ग अतः अस्माकं स्वकीयाः अस्माकं इदानीं अन्तः इत्यादयः भवन्तः इत्यादयः एते एताः तस्य अस्य इदम् एते तेषां तेषां तेषां तान् तेषां तेषां तेषां समानः सः एकः च तादृशाः बहवः अन्ये च वदन्ति यत् कियत् कस्मै  कस्मै  यस्मै  यस्मै  यस्मै  यस्मै न अतिनीचः किन्तु प्रथमं सम्पूर्णतया  ततः चिरकालानन्तरं पुस्तकं सम्पूर्णतया अन्तः  किन्तु अत्र वा इह इव श्रद्धाय अवशिष्यते  परन्तु अन्ये वर्गाः सन्ति ते सन्ति शक्नुवन्ति सर्वे मिलित्वा सर्वे एकत्र"'.split(" ")),e.sa.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.sa.tokenizer=function(t){if(!arguments.length||null==t||void 0==t)return[];if(Array.isArray(t))return t.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var i=t.toString().toLowerCase().replace(/^\s+/,"");return r.cut(i).split("|")},e.Pipeline.registerFunction(e.sa.stemmer,"stemmer-sa"),e.Pipeline.registerFunction(e.sa.stopWordFilter,"stopWordFilter-sa")}});
@@ -1 +0,0 @@
-!function(r,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(r.lunr)}(this,function(){return function(r){r.stemmerSupport={Among:function(r,t,i,s){if(this.toCharArray=function(r){for(var t=r.length,i=new Array(t),s=0;s<t;s++)i[s]=r.charCodeAt(s);return i},!r&&""!=r||!t&&0!=t||!i)throw"Bad Among initialisation: s:"+r+", substring_i: "+t+", result: "+i;this.s_size=r.length,this.s=this.toCharArray(r),this.substring_i=t,this.result=i,this.method=s},SnowballProgram:function(){var r;return{bra:0,ket:0,limit:0,cursor:0,limit_backward:0,setCurrent:function(t){r=t,this.cursor=0,this.limit=t.length,this.limit_backward=0,this.bra=this.cursor,this.ket=this.limit},getCurrent:function(){var t=r;return r=null,t},in_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},in_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},out_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e>s||e<i)return this.cursor++,!0;if(e-=i,!(t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},out_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e>s||e<i)return this.cursor--,!0;if(e-=i,!(t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},eq_s:function(t,i){if(this.limit-this.cursor<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor+s)!=i.charCodeAt(s))return!1;return this.cursor+=t,!0},eq_s_b:function(t,i){if(this.cursor-this.limit_backward<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor-t+s)!=i.charCodeAt(s))return!1;return this.cursor-=t,!0},find_among:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=l;m<_.s_size;m++){if(n+l==u){f=-1;break}if(f=r.charCodeAt(n+l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0||e==s||c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n+_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n+_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},find_among_b:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit_backward,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=_.s_size-1-l;m>=0;m--){if(n-l==u){f=-1;break}if(f=r.charCodeAt(n-1-l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0||e==s||c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n-_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n-_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},replace_s:function(t,i,s){var e=s.length-(i-t),n=r.substring(0,t),u=r.substring(i);return r=n+s+u,this.limit+=e,this.cursor>=i?this.cursor+=e:this.cursor>t&&(this.cursor=t),e},slice_check:function(){if(this.bra<0||this.bra>this.ket||this.ket>this.limit||this.limit>r.length)throw"faulty slice operation"},slice_from:function(r){this.slice_check(),this.replace_s(this.bra,this.ket,r)},slice_del:function(){this.slice_from("")},insert:function(r,t,i){var s=this.replace_s(r,t,i);r<=this.bra&&(this.bra+=s),r<=this.ket&&(this.ket+=s)},slice_to:function(){return this.slice_check(),r.substring(this.bra,this.ket)},eq_v_b:function(r){return this.eq_s_b(r.length,r)}}}},r.trimmerSupport={generateTrimmer:function(r){var t=new RegExp("^[^"+r+"]+"),i=new RegExp("[^"+r+"]+$");return function(r){return"function"==typeof r.update?r.update(function(r){return r.replace(t,"").replace(i,"")}):r.replace(t,"").replace(i,"")}}}}});
@@ -1,18 +0,0 @@
-/*!
- * Lunr languages, `Swedish` language
- * https://github.com/MihaiValentin/lunr-languages
- *
- * Copyright 2014, Mihai Valentin
- * http://www.mozilla.org/MPL/
- */
-/*!
- * based on
- * Snowball JavaScript Library v0.3
- * http://code.google.com/p/urim/
- * http://snowball.tartarus.org/
- *
- * Copyright 2010, Oleg Mazko
- * http://www.mozilla.org/MPL/
- */
-
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.sv=function(){this.pipeline.reset(),this.pipeline.add(e.sv.trimmer,e.sv.stopWordFilter,e.sv.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.sv.stemmer))},e.sv.wordCharacters="A-Za-zªºÀ-ÖØ-öø-ʸˠ-ˤᴀ-ᴥᴬ-ᵜᵢ-ᵥᵫ-ᵷᵹ-ᶾḀ-ỿⁱⁿₐ-ₜKÅℲⅎⅠ-ↈⱠ-ⱿꜢ-ꞇꞋ-ꞭꞰ-ꞷꟷ-ꟿꬰ-ꭚꭜ-ꭤﬀ-ﬆＡ-Ｚａ-ｚ",e.sv.trimmer=e.trimmerSupport.generateTrimmer(e.sv.wordCharacters),e.Pipeline.registerFunction(e.sv.trimmer,"trimmer-sv"),e.sv.stemmer=function(){var r=e.stemmerSupport.Among,n=e.stemmerSupport.SnowballProgram,t=new function(){function e(){var e,r=w.cursor+3;if(o=w.limit,0<=r||r<=w.limit){for(a=r;;){if(e=w.cursor,w.in_grouping(l,97,246)){w.cursor=e;break}if(w.cursor=e,w.cursor>=w.limit)return;w.cursor++}for(;!w.out_grouping(l,97,246);){if(w.cursor>=w.limit)return;w.cursor++}o=w.cursor,o<a&&(o=a)}}function t(){var e,r=w.limit_backward;if(w.cursor>=o&&(w.limit_backward=o,w.cursor=w.limit,w.ket=w.cursor,e=w.find_among_b(u,37),w.limit_backward=r,e))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:w.in_grouping_b(d,98,121)&&w.slice_del()}}function i(){var e=w.limit_backward;w.cursor>=o&&(w.limit_backward=o,w.cursor=w.limit,w.find_among_b(c,7)&&(w.cursor=w.limit,w.ket=w.cursor,w.cursor>w.limit_backward&&(w.bra=--w.cursor,w.slice_del())),w.limit_backward=e)}function s(){var e,r;if(w.cursor>=o){if(r=w.limit_backward,w.limit_backward=o,w.cursor=w.limit,w.ket=w.cursor,e=w.find_among_b(m,5))switch(w.bra=w.cursor,e){case 1:w.slice_del();break;case 2:w.slice_from("lös");break;case 3:w.slice_from("full")}w.limit_backward=r}}var a,o,u=[new r("a",-1,1),new r("arna",0,1),new r("erna",0,1),new r("heterna",2,1),new r("orna",0,1),new r("ad",-1,1),new r("e",-1,1),new r("ade",6,1),new r("ande",6,1),new r("arne",6,1),new r("are",6,1),new r("aste",6,1),new r("en",-1,1),new r("anden",12,1),new r("aren",12,1),new r("heten",12,1),new r("ern",-1,1),new r("ar",-1,1),new r("er",-1,1),new r("heter",18,1),new r("or",-1,1),new r("s",-1,2),new r("as",21,1),new r("arnas",22,1),new r("ernas",22,1),new r("ornas",22,1),new r("es",21,1),new r("ades",26,1),new r("andes",26,1),new r("ens",21,1),new r("arens",29,1),new r("hetens",29,1),new r("erns",21,1),new r("at",-1,1),new r("andet",-1,1),new r("het",-1,1),new r("ast",-1,1)],c=[new r("dd",-1,-1),new r("gd",-1,-1),new r("nn",-1,-1),new r("dt",-1,-1),new r("gt",-1,-1),new r("kt",-1,-1),new r("tt",-1,-1)],m=[new r("ig",-1,1),new r("lig",0,1),new r("els",-1,1),new r("fullt",-1,3),new r("löst",-1,2)],l=[17,65,16,1,0,0,0,0,0,0,0,0,0,0,0,0,24,0,32],d=[119,127,149],w=new n;this.setCurrent=function(e){w.setCurrent(e)},this.getCurrent=function(){return w.getCurrent()},this.stem=function(){var r=w.cursor;return e(),w.limit_backward=r,w.cursor=w.limit,t(),w.cursor=w.limit,i(),w.cursor=w.limit,s(),!0}};return function(e){return"function"==typeof e.update?e.update(function(e){return t.setCurrent(e),t.stem(),t.getCurrent()}):(t.setCurrent(e),t.stem(),t.getCurrent())}}(),e.Pipeline.registerFunction(e.sv.stemmer,"stemmer-sv"),e.sv.stopWordFilter=e.generateStopWordFilter("alla allt att av blev bli blir blivit de dem den denna deras dess dessa det detta dig din dina ditt du där då efter ej eller en er era ert ett från för ha hade han hans har henne hennes hon honom hur här i icke ingen inom inte jag ju kan kunde man med mellan men mig min mina mitt mot mycket ni nu när någon något några och om oss på samma sedan sig sin sina sitta själv skulle som så sådan sådana sådant till under upp ut utan vad var vara varför varit varje vars vart vem vi vid vilka vilkas vilken vilket vår våra vårt än är åt över".split(" ")),e.Pipeline.registerFunction(e.sv.stopWordFilter,"stopWordFilter-sv")}});
@@ -1 +0,0 @@
-!function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.ta=function(){this.pipeline.reset(),this.pipeline.add(e.ta.trimmer,e.ta.stopWordFilter,e.ta.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.ta.stemmer))},e.ta.wordCharacters="஀-உஊ-ஏஐ-ஙச-ட஠-னப-யர-ஹ஺-ிீ-௉ொ-௏ௐ-௙௚-௟௠-௩௪-௯௰-௹௺-௿a-zA-Zａ-ｚＡ-Ｚ0-9０-９",e.ta.trimmer=e.trimmerSupport.generateTrimmer(e.ta.wordCharacters),e.Pipeline.registerFunction(e.ta.trimmer,"trimmer-ta"),e.ta.stopWordFilter=e.generateStopWordFilter("அங்கு அங்கே அது அதை அந்த அவர் அவர்கள் அவள் அவன் அவை ஆக ஆகவே ஆகையால் ஆதலால் ஆதலினால் ஆனாலும் ஆனால் இங்கு இங்கே இது இதை இந்த இப்படி இவர் இவர்கள் இவள் இவன் இவை இவ்வளவு உனக்கு உனது உன் உன்னால் எங்கு எங்கே எது எதை எந்த எப்படி எவர் எவர்கள் எவள் எவன் எவை எவ்வளவு எனக்கு எனது எனவே என் என்ன என்னால் ஏது ஏன் தனது தன்னால் தானே தான் நாங்கள் நாம் நான் நீ நீங்கள்".split(" ")),e.ta.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var t=e.wordcut;t.init(),e.ta.tokenizer=function(r){if(!arguments.length||null==r||void 0==r)return[];if(Array.isArray(r))return r.map(function(t){return isLunr2?new e.Token(t.toLowerCase()):t.toLowerCase()});var i=r.toString().toLowerCase().replace(/^\s+/,"");return t.cut(i).split("|")},e.Pipeline.registerFunction(e.ta.stemmer,"stemmer-ta"),e.Pipeline.registerFunction(e.ta.stopWordFilter,"stopWordFilter-ta")}});
@@ -1 +0,0 @@
-!function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.te=function(){this.pipeline.reset(),this.pipeline.add(e.te.trimmer,e.te.stopWordFilter,e.te.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.te.stemmer))},e.te.wordCharacters="ఀ-ఄఅ-ఔక-హా-ౌౕ-ౖౘ-ౚౠ-ౡౢ-ౣ౦-౯౸-౿఼ఽ్ౝ౷౤౥",e.te.trimmer=e.trimmerSupport.generateTrimmer(e.te.wordCharacters),e.Pipeline.registerFunction(e.te.trimmer,"trimmer-te"),e.te.stopWordFilter=e.generateStopWordFilter("అందరూ అందుబాటులో అడగండి అడగడం అడ్డంగా అనుగుణంగా అనుమతించు అనుమతిస్తుంది అయితే ఇప్పటికే ఉన్నారు ఎక్కడైనా ఎప్పుడు ఎవరైనా ఎవరో ఏ ఏదైనా ఏమైనప్పటికి ఒక ఒకరు కనిపిస్తాయి కాదు కూడా గా గురించి చుట్టూ చేయగలిగింది తగిన తర్వాత దాదాపు దూరంగా నిజంగా పై ప్రకారం ప్రక్కన మధ్య మరియు మరొక మళ్ళీ మాత్రమే మెచ్చుకో వద్ద వెంట వేరుగా వ్యతిరేకంగా సంబంధం".split(" ")),e.te.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var t=e.wordcut;t.init(),e.te.tokenizer=function(r){if(!arguments.length||null==r||void 0==r)return[];if(Array.isArray(r))return r.map(function(t){return isLunr2?new e.Token(t.toLowerCase()):t.toLowerCase()});var i=r.toString().toLowerCase().replace(/^\s+/,"");return t.cut(i).split("|")},e.Pipeline.registerFunction(e.te.stemmer,"stemmer-te"),e.Pipeline.registerFunction(e.te.stopWordFilter,"stopWordFilter-te")}});
@@ -1 +0,0 @@
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var r="2"==e.version[0];e.th=function(){this.pipeline.reset(),this.pipeline.add(e.th.trimmer),r?this.tokenizer=e.th.tokenizer:(e.tokenizer&&(e.tokenizer=e.th.tokenizer),this.tokenizerFn&&(this.tokenizerFn=e.th.tokenizer))},e.th.wordCharacters="[฀-๿]",e.th.trimmer=e.trimmerSupport.generateTrimmer(e.th.wordCharacters),e.Pipeline.registerFunction(e.th.trimmer,"trimmer-th");var t=e.wordcut;t.init(),e.th.tokenizer=function(i){if(!arguments.length||null==i||void 0==i)return[];if(Array.isArray(i))return i.map(function(t){return r?new e.Token(t):t});var n=i.toString().replace(/^\s+/,"");return t.cut(n).split("|")}}});
@@ -1 +0,0 @@
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.vi=function(){this.pipeline.reset(),this.pipeline.add(e.vi.stopWordFilter,e.vi.trimmer)},e.vi.wordCharacters="[A-Za-ẓ̀͐́͑̉̃̓ÂâÊêÔôĂ-ăĐ-đƠ-ơƯ-ư]",e.vi.trimmer=e.trimmerSupport.generateTrimmer(e.vi.wordCharacters),e.Pipeline.registerFunction(e.vi.trimmer,"trimmer-vi"),e.vi.stopWordFilter=e.generateStopWordFilter("là cái nhưng mà".split(" "))}});
@@ -1 +0,0 @@
-!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r(require("@node-rs/jieba")):r()(e.lunr)}(this,function(e){return function(r,t){if(void 0===r)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===r.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");var i="2"==r.version[0];r.zh=function(){this.pipeline.reset(),this.pipeline.add(r.zh.trimmer,r.zh.stopWordFilter,r.zh.stemmer),i?this.tokenizer=r.zh.tokenizer:(r.tokenizer&&(r.tokenizer=r.zh.tokenizer),this.tokenizerFn&&(this.tokenizerFn=r.zh.tokenizer))},r.zh.tokenizer=function(n){if(!arguments.length||null==n||void 0==n)return[];if(Array.isArray(n))return n.map(function(e){return i?new r.Token(e.toLowerCase()):e.toLowerCase()});t&&e.load(t);var o=n.toString().trim().toLowerCase(),s=[];e.cut(o,!0).forEach(function(e){s=s.concat(e.split(" "))}),s=s.filter(function(e){return!!e});var u=0;return s.map(function(e,t){if(i){var n=o.indexOf(e,u),s={};return s.position=[n,e.length],s.index=t,u=n,new r.Token(e,s)}return e})},r.zh.wordCharacters="\\w一-龥",r.zh.trimmer=r.trimmerSupport.generateTrimmer(r.zh.wordCharacters),r.Pipeline.registerFunction(r.zh.trimmer,"trimmer-zh"),r.zh.stemmer=function(){return function(e){return e}}(),r.Pipeline.registerFunction(r.zh.stemmer,"stemmer-zh"),r.zh.stopWordFilter=r.generateStopWordFilter("的 一 不 在 人 有 是 为 為 以 于 於 上 他 而 后 後 之 来 來 及 了 因 下 可 到 由 这 這 与 與 也 此 但 并 並 个 個 其 已 无 無 小 我 们 們 起 最 再 今 去 好 只 又 或 很 亦 某 把 那 你 乃 它 吧 被 比 别 趁 当 當 从 從 得 打 凡 儿 兒 尔 爾 该 該 各 给 給 跟 和 何 还 還 即 几 幾 既 看 据 據 距 靠 啦 另 么 麽 每 嘛 拿 哪 您 凭 憑 且 却 卻 让 讓 仍 啥 如 若 使 谁 誰 虽 雖 随 隨 同 所 她 哇 嗡 往 些 向 沿 哟 喲 用 咱 则 則 怎 曾 至 致 着 著 诸 諸 自".split(" ")),r.Pipeline.registerFunction(r.zh.stopWordFilter,"stopWordFilter-zh")}});
@@ -1,206 +0,0 @@
-/**
- * export the module via AMD, CommonJS or as a browser global
- * Export code from https://github.com/umdjs/umd/blob/master/returnExports.js
- */
-;(function (root, factory) {
-    if (typeof define === 'function' && define.amd) {
-        // AMD. Register as an anonymous module.
-        define(factory)
-    } else if (typeof exports === 'object') {
-        /**
-         * Node. Does not work with strict CommonJS, but
-         * only CommonJS-like environments that support module.exports,
-         * like Node.
-         */
-        module.exports = factory()
-    } else {
-        // Browser globals (root is window)
-        factory()(root.lunr);
-    }
-}(this, function () {
-    /**
-     * Just return a value to define the module export.
-     * This example returns an object, but the module
-     * can return a function as the exported value.
-     */
-
-    return function(lunr) {
-        // TinySegmenter 0.1 -- Super compact Japanese tokenizer in Javascript
-        // (c) 2008 Taku Kudo <taku@chasen.org>
-        // TinySegmenter is freely distributable under the terms of a new BSD licence.
-        // For details, see http://chasen.org/~taku/software/TinySegmenter/LICENCE.txt
-
-        function TinySegmenter() {
-          var patterns = {
-            "[一二三四五六七八九十百千万億兆]":"M",
-            "[一-龠々〆ヵヶ]":"H",
-            "[ぁ-ん]":"I",
-            "[ァ-ヴーｱ-ﾝﾞｰ]":"K",
-            "[a-zA-Zａ-ｚＡ-Ｚ]":"A",
-            "[0-9０-９]":"N"
-          }
-          this.chartype_ = [];
-          for (var i in patterns) {
-            var regexp = new RegExp(i);
-            this.chartype_.push([regexp, patterns[i]]);
-          }
-
-          this.BIAS__ = -332
-          this.BC1__ = {"HH":6,"II":2461,"KH":406,"OH":-1378};
-          this.BC2__ = {"AA":-3267,"AI":2744,"AN":-878,"HH":-4070,"HM":-1711,"HN":4012,"HO":3761,"IA":1327,"IH":-1184,"II":-1332,"IK":1721,"IO":5492,"KI":3831,"KK":-8741,"MH":-3132,"MK":3334,"OO":-2920};
-          this.BC3__ = {"HH":996,"HI":626,"HK":-721,"HN":-1307,"HO":-836,"IH":-301,"KK":2762,"MK":1079,"MM":4034,"OA":-1652,"OH":266};
-          this.BP1__ = {"BB":295,"OB":304,"OO":-125,"UB":352};
-          this.BP2__ = {"BO":60,"OO":-1762};
-          this.BQ1__ = {"BHH":1150,"BHM":1521,"BII":-1158,"BIM":886,"BMH":1208,"BNH":449,"BOH":-91,"BOO":-2597,"OHI":451,"OIH":-296,"OKA":1851,"OKH":-1020,"OKK":904,"OOO":2965};
-          this.BQ2__ = {"BHH":118,"BHI":-1159,"BHM":466,"BIH":-919,"BKK":-1720,"BKO":864,"OHH":-1139,"OHM":-181,"OIH":153,"UHI":-1146};
-          this.BQ3__ = {"BHH":-792,"BHI":2664,"BII":-299,"BKI":419,"BMH":937,"BMM":8335,"BNN":998,"BOH":775,"OHH":2174,"OHM":439,"OII":280,"OKH":1798,"OKI":-793,"OKO":-2242,"OMH":-2402,"OOO":11699};
-          this.BQ4__ = {"BHH":-3895,"BIH":3761,"BII":-4654,"BIK":1348,"BKK":-1806,"BMI":-3385,"BOO":-12396,"OAH":926,"OHH":266,"OHK":-2036,"ONN":-973};
-          this.BW1__ = {",と":660,",同":727,"B1あ":1404,"B1同":542,"、と":660,"、同":727,"」と":1682,"あっ":1505,"いう":1743,"いっ":-2055,"いる":672,"うし":-4817,"うん":665,"から":3472,"がら":600,"こう":-790,"こと":2083,"こん":-1262,"さら":-4143,"さん":4573,"した":2641,"して":1104,"すで":-3399,"そこ":1977,"それ":-871,"たち":1122,"ため":601,"った":3463,"つい":-802,"てい":805,"てき":1249,"でき":1127,"です":3445,"では":844,"とい":-4915,"とみ":1922,"どこ":3887,"ない":5713,"なっ":3015,"など":7379,"なん":-1113,"にし":2468,"には":1498,"にも":1671,"に対":-912,"の一":-501,"の中":741,"ませ":2448,"まで":1711,"まま":2600,"まる":-2155,"やむ":-1947,"よっ":-2565,"れた":2369,"れで":-913,"をし":1860,"を見":731,"亡く":-1886,"京都":2558,"取り":-2784,"大き":-2604,"大阪":1497,"平方":-2314,"引き":-1336,"日本":-195,"本当":-2423,"毎日":-2113,"目指":-724,"Ｂ１あ":1404,"Ｂ１同":542,"｣と":1682};
-          this.BW2__ = {"..":-11822,"11":-669,"――":-5730,"−−":-13175,"いう":-1609,"うか":2490,"かし":-1350,"かも":-602,"から":-7194,"かれ":4612,"がい":853,"がら":-3198,"きた":1941,"くな":-1597,"こと":-8392,"この":-4193,"させ":4533,"され":13168,"さん":-3977,"しい":-1819,"しか":-545,"した":5078,"して":972,"しな":939,"その":-3744,"たい":-1253,"たた":-662,"ただ":-3857,"たち":-786,"たと":1224,"たは":-939,"った":4589,"って":1647,"っと":-2094,"てい":6144,"てき":3640,"てく":2551,"ては":-3110,"ても":-3065,"でい":2666,"でき":-1528,"でし":-3828,"です":-4761,"でも":-4203,"とい":1890,"とこ":-1746,"とと":-2279,"との":720,"とみ":5168,"とも":-3941,"ない":-2488,"なが":-1313,"など":-6509,"なの":2614,"なん":3099,"にお":-1615,"にし":2748,"にな":2454,"によ":-7236,"に対":-14943,"に従":-4688,"に関":-11388,"のか":2093,"ので":-7059,"のに":-6041,"のの":-6125,"はい":1073,"はが":-1033,"はず":-2532,"ばれ":1813,"まし":-1316,"まで":-6621,"まれ":5409,"めて":-3153,"もい":2230,"もの":-10713,"らか":-944,"らし":-1611,"らに":-1897,"りし":651,"りま":1620,"れた":4270,"れて":849,"れば":4114,"ろう":6067,"われ":7901,"を通":-11877,"んだ":728,"んな":-4115,"一人":602,"一方":-1375,"一日":970,"一部":-1051,"上が":-4479,"会社":-1116,"出て":2163,"分の":-7758,"同党":970,"同日":-913,"大阪":-2471,"委員":-1250,"少な":-1050,"年度":-8669,"年間":-1626,"府県":-2363,"手権":-1982,"新聞":-4066,"日新":-722,"日本":-7068,"日米":3372,"曜日":-601,"朝鮮":-2355,"本人":-2697,"東京":-1543,"然と":-1384,"社会":-1276,"立て":-990,"第に":-1612,"米国":-4268,"１１":-669};
-          this.BW3__ = {"あた":-2194,"あり":719,"ある":3846,"い.":-1185,"い。":-1185,"いい":5308,"いえ":2079,"いく":3029,"いた":2056,"いっ":1883,"いる":5600,"いわ":1527,"うち":1117,"うと":4798,"えと":1454,"か.":2857,"か。":2857,"かけ":-743,"かっ":-4098,"かに":-669,"から":6520,"かり":-2670,"が,":1816,"が、":1816,"がき":-4855,"がけ":-1127,"がっ":-913,"がら":-4977,"がり":-2064,"きた":1645,"けど":1374,"こと":7397,"この":1542,"ころ":-2757,"さい":-714,"さを":976,"し,":1557,"し、":1557,"しい":-3714,"した":3562,"して":1449,"しな":2608,"しま":1200,"す.":-1310,"す。":-1310,"する":6521,"ず,":3426,"ず、":3426,"ずに":841,"そう":428,"た.":8875,"た。":8875,"たい":-594,"たの":812,"たり":-1183,"たる":-853,"だ.":4098,"だ。":4098,"だっ":1004,"った":-4748,"って":300,"てい":6240,"てお":855,"ても":302,"です":1437,"でに":-1482,"では":2295,"とう":-1387,"とし":2266,"との":541,"とも":-3543,"どう":4664,"ない":1796,"なく":-903,"など":2135,"に,":-1021,"に、":-1021,"にし":1771,"にな":1906,"には":2644,"の,":-724,"の、":-724,"の子":-1000,"は,":1337,"は、":1337,"べき":2181,"まし":1113,"ます":6943,"まっ":-1549,"まで":6154,"まれ":-793,"らし":1479,"られ":6820,"るる":3818,"れ,":854,"れ、":854,"れた":1850,"れて":1375,"れば":-3246,"れる":1091,"われ":-605,"んだ":606,"んで":798,"カ月":990,"会議":860,"入り":1232,"大会":2217,"始め":1681,"市":965,"新聞":-5055,"日,":974,"日、":974,"社会":2024,"ｶ月":990};
-          this.TC1__ = {"AAA":1093,"HHH":1029,"HHM":580,"HII":998,"HOH":-390,"HOM":-331,"IHI":1169,"IOH":-142,"IOI":-1015,"IOM":467,"MMH":187,"OOI":-1832};
-          this.TC2__ = {"HHO":2088,"HII":-1023,"HMM":-1154,"IHI":-1965,"KKH":703,"OII":-2649};
-          this.TC3__ = {"AAA":-294,"HHH":346,"HHI":-341,"HII":-1088,"HIK":731,"HOH":-1486,"IHH":128,"IHI":-3041,"IHO":-1935,"IIH":-825,"IIM":-1035,"IOI":-542,"KHH":-1216,"KKA":491,"KKH":-1217,"KOK":-1009,"MHH":-2694,"MHM":-457,"MHO":123,"MMH":-471,"NNH":-1689,"NNO":662,"OHO":-3393};
-          this.TC4__ = {"HHH":-203,"HHI":1344,"HHK":365,"HHM":-122,"HHN":182,"HHO":669,"HIH":804,"HII":679,"HOH":446,"IHH":695,"IHO":-2324,"IIH":321,"III":1497,"IIO":656,"IOO":54,"KAK":4845,"KKA":3386,"KKK":3065,"MHH":-405,"MHI":201,"MMH":-241,"MMM":661,"MOM":841};
-          this.TQ1__ = {"BHHH":-227,"BHHI":316,"BHIH":-132,"BIHH":60,"BIII":1595,"BNHH":-744,"BOHH":225,"BOOO":-908,"OAKK":482,"OHHH":281,"OHIH":249,"OIHI":200,"OIIH":-68};
-          this.TQ2__ = {"BIHH":-1401,"BIII":-1033,"BKAK":-543,"BOOO":-5591};
-          this.TQ3__ = {"BHHH":478,"BHHM":-1073,"BHIH":222,"BHII":-504,"BIIH":-116,"BIII":-105,"BMHI":-863,"BMHM":-464,"BOMH":620,"OHHH":346,"OHHI":1729,"OHII":997,"OHMH":481,"OIHH":623,"OIIH":1344,"OKAK":2792,"OKHH":587,"OKKA":679,"OOHH":110,"OOII":-685};
-          this.TQ4__ = {"BHHH":-721,"BHHM":-3604,"BHII":-966,"BIIH":-607,"BIII":-2181,"OAAA":-2763,"OAKK":180,"OHHH":-294,"OHHI":2446,"OHHO":480,"OHIH":-1573,"OIHH":1935,"OIHI":-493,"OIIH":626,"OIII":-4007,"OKAK":-8156};
-          this.TW1__ = {"につい":-4681,"東京都":2026};
-          this.TW2__ = {"ある程":-2049,"いった":-1256,"ころが":-2434,"しょう":3873,"その後":-4430,"だって":-1049,"ていた":1833,"として":-4657,"ともに":-4517,"もので":1882,"一気に":-792,"初めて":-1512,"同時に":-8097,"大きな":-1255,"対して":-2721,"社会党":-3216};
-          this.TW3__ = {"いただ":-1734,"してい":1314,"として":-4314,"につい":-5483,"にとっ":-5989,"に当た":-6247,"ので,":-727,"ので、":-727,"のもの":-600,"れから":-3752,"十二月":-2287};
-          this.TW4__ = {"いう.":8576,"いう。":8576,"からな":-2348,"してい":2958,"たが,":1516,"たが、":1516,"ている":1538,"という":1349,"ました":5543,"ません":1097,"ようと":-4258,"よると":5865};
-          this.UC1__ = {"A":484,"K":93,"M":645,"O":-505};
-          this.UC2__ = {"A":819,"H":1059,"I":409,"M":3987,"N":5775,"O":646};
-          this.UC3__ = {"A":-1370,"I":2311};
-          this.UC4__ = {"A":-2643,"H":1809,"I":-1032,"K":-3450,"M":3565,"N":3876,"O":6646};
-          this.UC5__ = {"H":313,"I":-1238,"K":-799,"M":539,"O":-831};
-          this.UC6__ = {"H":-506,"I":-253,"K":87,"M":247,"O":-387};
-          this.UP1__ = {"O":-214};
-          this.UP2__ = {"B":69,"O":935};
-          this.UP3__ = {"B":189};
-          this.UQ1__ = {"BH":21,"BI":-12,"BK":-99,"BN":142,"BO":-56,"OH":-95,"OI":477,"OK":410,"OO":-2422};
-          this.UQ2__ = {"BH":216,"BI":113,"OK":1759};
-          this.UQ3__ = {"BA":-479,"BH":42,"BI":1913,"BK":-7198,"BM":3160,"BN":6427,"BO":14761,"OI":-827,"ON":-3212};
-          this.UW1__ = {",":156,"、":156,"「":-463,"あ":-941,"う":-127,"が":-553,"き":121,"こ":505,"で":-201,"と":-547,"ど":-123,"に":-789,"の":-185,"は":-847,"も":-466,"や":-470,"よ":182,"ら":-292,"り":208,"れ":169,"を":-446,"ん":-137,"・":-135,"主":-402,"京":-268,"区":-912,"午":871,"国":-460,"大":561,"委":729,"市":-411,"日":-141,"理":361,"生":-408,"県":-386,"都":-718,"｢":-463,"･":-135};
-          this.UW2__ = {",":-829,"、":-829,"〇":892,"「":-645,"」":3145,"あ":-538,"い":505,"う":134,"お":-502,"か":1454,"が":-856,"く":-412,"こ":1141,"さ":878,"ざ":540,"し":1529,"す":-675,"せ":300,"そ":-1011,"た":188,"だ":1837,"つ":-949,"て":-291,"で":-268,"と":-981,"ど":1273,"な":1063,"に":-1764,"の":130,"は":-409,"ひ":-1273,"べ":1261,"ま":600,"も":-1263,"や":-402,"よ":1639,"り":-579,"る":-694,"れ":571,"を":-2516,"ん":2095,"ア":-587,"カ":306,"キ":568,"ッ":831,"三":-758,"不":-2150,"世":-302,"中":-968,"主":-861,"事":492,"人":-123,"会":978,"保":362,"入":548,"初":-3025,"副":-1566,"北":-3414,"区":-422,"大":-1769,"天":-865,"太":-483,"子":-1519,"学":760,"実":1023,"小":-2009,"市":-813,"年":-1060,"強":1067,"手":-1519,"揺":-1033,"政":1522,"文":-1355,"新":-1682,"日":-1815,"明":-1462,"最":-630,"朝":-1843,"本":-1650,"東":-931,"果":-665,"次":-2378,"民":-180,"気":-1740,"理":752,"発":529,"目":-1584,"相":-242,"県":-1165,"立":-763,"第":810,"米":509,"自":-1353,"行":838,"西":-744,"見":-3874,"調":1010,"議":1198,"込":3041,"開":1758,"間":-1257,"｢":-645,"｣":3145,"ｯ":831,"ｱ":-587,"ｶ":306,"ｷ":568};
-          this.UW3__ = {",":4889,"1":-800,"−":-1723,"、":4889,"々":-2311,"〇":5827,"」":2670,"〓":-3573,"あ":-2696,"い":1006,"う":2342,"え":1983,"お":-4864,"か":-1163,"が":3271,"く":1004,"け":388,"げ":401,"こ":-3552,"ご":-3116,"さ":-1058,"し":-395,"す":584,"せ":3685,"そ":-5228,"た":842,"ち":-521,"っ":-1444,"つ":-1081,"て":6167,"で":2318,"と":1691,"ど":-899,"な":-2788,"に":2745,"の":4056,"は":4555,"ひ":-2171,"ふ":-1798,"へ":1199,"ほ":-5516,"ま":-4384,"み":-120,"め":1205,"も":2323,"や":-788,"よ":-202,"ら":727,"り":649,"る":5905,"れ":2773,"わ":-1207,"を":6620,"ん":-518,"ア":551,"グ":1319,"ス":874,"ッ":-1350,"ト":521,"ム":1109,"ル":1591,"ロ":2201,"ン":278,"・":-3794,"一":-1619,"下":-1759,"世":-2087,"両":3815,"中":653,"主":-758,"予":-1193,"二":974,"人":2742,"今":792,"他":1889,"以":-1368,"低":811,"何":4265,"作":-361,"保":-2439,"元":4858,"党":3593,"全":1574,"公":-3030,"六":755,"共":-1880,"円":5807,"再":3095,"分":457,"初":2475,"別":1129,"前":2286,"副":4437,"力":365,"動":-949,"務":-1872,"化":1327,"北":-1038,"区":4646,"千":-2309,"午":-783,"協":-1006,"口":483,"右":1233,"各":3588,"合":-241,"同":3906,"和":-837,"員":4513,"国":642,"型":1389,"場":1219,"外":-241,"妻":2016,"学":-1356,"安":-423,"実":-1008,"家":1078,"小":-513,"少":-3102,"州":1155,"市":3197,"平":-1804,"年":2416,"広":-1030,"府":1605,"度":1452,"建":-2352,"当":-3885,"得":1905,"思":-1291,"性":1822,"戸":-488,"指":-3973,"政":-2013,"教":-1479,"数":3222,"文":-1489,"新":1764,"日":2099,"旧":5792,"昨":-661,"時":-1248,"曜":-951,"最":-937,"月":4125,"期":360,"李":3094,"村":364,"東":-805,"核":5156,"森":2438,"業":484,"氏":2613,"民":-1694,"決":-1073,"法":1868,"海":-495,"無":979,"物":461,"特":-3850,"生":-273,"用":914,"町":1215,"的":7313,"直":-1835,"省":792,"県":6293,"知":-1528,"私":4231,"税":401,"立":-960,"第":1201,"米":7767,"系":3066,"約":3663,"級":1384,"統":-4229,"総":1163,"線":1255,"者":6457,"能":725,"自":-2869,"英":785,"見":1044,"調":-562,"財":-733,"費":1777,"車":1835,"軍":1375,"込":-1504,"通":-1136,"選":-681,"郎":1026,"郡":4404,"部":1200,"金":2163,"長":421,"開":-1432,"間":1302,"関":-1282,"雨":2009,"電":-1045,"非":2066,"駅":1620,"１":-800,"｣":2670,"･":-3794,"ｯ":-1350,"ｱ":551,"ｸﾞ":1319,"ｽ":874,"ﾄ":521,"ﾑ":1109,"ﾙ":1591,"ﾛ":2201,"ﾝ":278};
-          this.UW4__ = {",":3930,".":3508,"―":-4841,"、":3930,"。":3508,"〇":4999,"「":1895,"」":3798,"〓":-5156,"あ":4752,"い":-3435,"う":-640,"え":-2514,"お":2405,"か":530,"が":6006,"き":-4482,"ぎ":-3821,"く":-3788,"け":-4376,"げ":-4734,"こ":2255,"ご":1979,"さ":2864,"し":-843,"じ":-2506,"す":-731,"ず":1251,"せ":181,"そ":4091,"た":5034,"だ":5408,"ち":-3654,"っ":-5882,"つ":-1659,"て":3994,"で":7410,"と":4547,"な":5433,"に":6499,"ぬ":1853,"ね":1413,"の":7396,"は":8578,"ば":1940,"ひ":4249,"び":-4134,"ふ":1345,"へ":6665,"べ":-744,"ほ":1464,"ま":1051,"み":-2082,"む":-882,"め":-5046,"も":4169,"ゃ":-2666,"や":2795,"ょ":-1544,"よ":3351,"ら":-2922,"り":-9726,"る":-14896,"れ":-2613,"ろ":-4570,"わ":-1783,"を":13150,"ん":-2352,"カ":2145,"コ":1789,"セ":1287,"ッ":-724,"ト":-403,"メ":-1635,"ラ":-881,"リ":-541,"ル":-856,"ン":-3637,"・":-4371,"ー":-11870,"一":-2069,"中":2210,"予":782,"事":-190,"井":-1768,"人":1036,"以":544,"会":950,"体":-1286,"作":530,"側":4292,"先":601,"党":-2006,"共":-1212,"内":584,"円":788,"初":1347,"前":1623,"副":3879,"力":-302,"動":-740,"務":-2715,"化":776,"区":4517,"協":1013,"参":1555,"合":-1834,"和":-681,"員":-910,"器":-851,"回":1500,"国":-619,"園":-1200,"地":866,"場":-1410,"塁":-2094,"士":-1413,"多":1067,"大":571,"子":-4802,"学":-1397,"定":-1057,"寺":-809,"小":1910,"屋":-1328,"山":-1500,"島":-2056,"川":-2667,"市":2771,"年":374,"庁":-4556,"後":456,"性":553,"感":916,"所":-1566,"支":856,"改":787,"政":2182,"教":704,"文":522,"方":-856,"日":1798,"時":1829,"最":845,"月":-9066,"木":-485,"来":-442,"校":-360,"業":-1043,"氏":5388,"民":-2716,"気":-910,"沢":-939,"済":-543,"物":-735,"率":672,"球":-1267,"生":-1286,"産":-1101,"田":-2900,"町":1826,"的":2586,"目":922,"省":-3485,"県":2997,"空":-867,"立":-2112,"第":788,"米":2937,"系":786,"約":2171,"経":1146,"統":-1169,"総":940,"線":-994,"署":749,"者":2145,"能":-730,"般":-852,"行":-792,"規":792,"警":-1184,"議":-244,"谷":-1000,"賞":730,"車":-1481,"軍":1158,"輪":-1433,"込":-3370,"近":929,"道":-1291,"選":2596,"郎":-4866,"都":1192,"野":-1100,"銀":-2213,"長":357,"間":-2344,"院":-2297,"際":-2604,"電":-878,"領":-1659,"題":-792,"館":-1984,"首":1749,"高":2120,"｢":1895,"｣":3798,"･":-4371,"ｯ":-724,"ｰ":-11870,"ｶ":2145,"ｺ":1789,"ｾ":1287,"ﾄ":-403,"ﾒ":-1635,"ﾗ":-881,"ﾘ":-541,"ﾙ":-856,"ﾝ":-3637};
-          this.UW5__ = {",":465,".":-299,"1":-514,"E2":-32768,"]":-2762,"、":465,"。":-299,"「":363,"あ":1655,"い":331,"う":-503,"え":1199,"お":527,"か":647,"が":-421,"き":1624,"ぎ":1971,"く":312,"げ":-983,"さ":-1537,"し":-1371,"す":-852,"だ":-1186,"ち":1093,"っ":52,"つ":921,"て":-18,"で":-850,"と":-127,"ど":1682,"な":-787,"に":-1224,"の":-635,"は":-578,"べ":1001,"み":502,"め":865,"ゃ":3350,"ょ":854,"り":-208,"る":429,"れ":504,"わ":419,"を":-1264,"ん":327,"イ":241,"ル":451,"ン":-343,"中":-871,"京":722,"会":-1153,"党":-654,"務":3519,"区":-901,"告":848,"員":2104,"大":-1296,"学":-548,"定":1785,"嵐":-1304,"市":-2991,"席":921,"年":1763,"思":872,"所":-814,"挙":1618,"新":-1682,"日":218,"月":-4353,"査":932,"格":1356,"機":-1508,"氏":-1347,"田":240,"町":-3912,"的":-3149,"相":1319,"省":-1052,"県":-4003,"研":-997,"社":-278,"空":-813,"統":1955,"者":-2233,"表":663,"語":-1073,"議":1219,"選":-1018,"郎":-368,"長":786,"間":1191,"題":2368,"館":-689,"１":-514,"Ｅ２":-32768,"｢":363,"ｲ":241,"ﾙ":451,"ﾝ":-343};
-          this.UW6__ = {",":227,".":808,"1":-270,"E1":306,"、":227,"。":808,"あ":-307,"う":189,"か":241,"が":-73,"く":-121,"こ":-200,"じ":1782,"す":383,"た":-428,"っ":573,"て":-1014,"で":101,"と":-105,"な":-253,"に":-149,"の":-417,"は":-236,"も":-206,"り":187,"る":-135,"を":195,"ル":-673,"ン":-496,"一":-277,"中":201,"件":-800,"会":624,"前":302,"区":1792,"員":-1212,"委":798,"学":-960,"市":887,"広":-695,"後":535,"業":-697,"相":753,"社":-507,"福":974,"空":-822,"者":1811,"連":463,"郎":1082,"１":-270,"Ｅ１":306,"ﾙ":-673,"ﾝ":-496};
-          
-          return this;
-        }
-        TinySegmenter.prototype.ctype_ = function(str) {
-          for (var i in this.chartype_) {
-            if (str.match(this.chartype_[i][0])) {
-              return this.chartype_[i][1];
-            }
-          }
-          return "O";
-        }
-
-        TinySegmenter.prototype.ts_ = function(v) {
-          if (v) { return v; }
-          return 0;
-        }
-
-        TinySegmenter.prototype.segment = function(input) {
-          if (input == null || input == undefined || input == "") {
-            return [];
-          }
-          var result = [];
-          var seg = ["B3","B2","B1"];
-          var ctype = ["O","O","O"];
-          var o = input.split("");
-          for (i = 0; i < o.length; ++i) {
-            seg.push(o[i]);
-            ctype.push(this.ctype_(o[i]))
-          }
-          seg.push("E1");
-          seg.push("E2");
-          seg.push("E3");
-          ctype.push("O");
-          ctype.push("O");
-          ctype.push("O");
-          var word = seg[3];
-          var p1 = "U";
-          var p2 = "U";
-          var p3 = "U";
-          for (var i = 4; i < seg.length - 3; ++i) {
-            var score = this.BIAS__;
-            var w1 = seg[i-3];
-            var w2 = seg[i-2];
-            var w3 = seg[i-1];
-            var w4 = seg[i];
-            var w5 = seg[i+1];
-            var w6 = seg[i+2];
-            var c1 = ctype[i-3];
-            var c2 = ctype[i-2];
-            var c3 = ctype[i-1];
-            var c4 = ctype[i];
-            var c5 = ctype[i+1];
-            var c6 = ctype[i+2];
-            score += this.ts_(this.UP1__[p1]);
-            score += this.ts_(this.UP2__[p2]);
-            score += this.ts_(this.UP3__[p3]);
-            score += this.ts_(this.BP1__[p1 + p2]);
-            score += this.ts_(this.BP2__[p2 + p3]);
-            score += this.ts_(this.UW1__[w1]);
-            score += this.ts_(this.UW2__[w2]);
-            score += this.ts_(this.UW3__[w3]);
-            score += this.ts_(this.UW4__[w4]);
-            score += this.ts_(this.UW5__[w5]);
-            score += this.ts_(this.UW6__[w6]);
-            score += this.ts_(this.BW1__[w2 + w3]);
-            score += this.ts_(this.BW2__[w3 + w4]);
-            score += this.ts_(this.BW3__[w4 + w5]);
-            score += this.ts_(this.TW1__[w1 + w2 + w3]);
-            score += this.ts_(this.TW2__[w2 + w3 + w4]);
-            score += this.ts_(this.TW3__[w3 + w4 + w5]);
-            score += this.ts_(this.TW4__[w4 + w5 + w6]);
-            score += this.ts_(this.UC1__[c1]);
-            score += this.ts_(this.UC2__[c2]);
-            score += this.ts_(this.UC3__[c3]);
-            score += this.ts_(this.UC4__[c4]);
-            score += this.ts_(this.UC5__[c5]);
-            score += this.ts_(this.UC6__[c6]);
-            score += this.ts_(this.BC1__[c2 + c3]);
-            score += this.ts_(this.BC2__[c3 + c4]);
-            score += this.ts_(this.BC3__[c4 + c5]);
-            score += this.ts_(this.TC1__[c1 + c2 + c3]);
-            score += this.ts_(this.TC2__[c2 + c3 + c4]);
-            score += this.ts_(this.TC3__[c3 + c4 + c5]);
-            score += this.ts_(this.TC4__[c4 + c5 + c6]);
-        //  score += this.ts_(this.TC5__[c4 + c5 + c6]);    
-            score += this.ts_(this.UQ1__[p1 + c1]);
-            score += this.ts_(this.UQ2__[p2 + c2]);
-            score += this.ts_(this.UQ3__[p3 + c3]);
-            score += this.ts_(this.BQ1__[p2 + c2 + c3]);
-            score += this.ts_(this.BQ2__[p2 + c3 + c4]);
-            score += this.ts_(this.BQ3__[p3 + c2 + c3]);
-            score += this.ts_(this.BQ4__[p3 + c3 + c4]);
-            score += this.ts_(this.TQ1__[p2 + c1 + c2 + c3]);
-            score += this.ts_(this.TQ2__[p2 + c2 + c3 + c4]);
-            score += this.ts_(this.TQ3__[p3 + c1 + c2 + c3]);
-            score += this.ts_(this.TQ4__[p3 + c2 + c3 + c4]);
-            var p = "O";
-            if (score > 0) {
-              result.push(word);
-              word = "";
-              p = "B";
-            }
-            p1 = p2;
-            p2 = p3;
-            p3 = p;
-            word += seg[i];
-          }
-          result.push(word);
-
-          return result;
-        }
-
-        lunr.TinySegmenter = TinySegmenter;
-    };
-
-}));
@@ -1 +0,0 @@
-{"version":3,"sources":["src/templates/assets/stylesheets/palette/_scheme.scss","../../../../src/templates/assets/stylesheets/palette.scss","src/templates/assets/stylesheets/palette/_accent.scss","src/templates/assets/stylesheets/palette/_primary.scss","src/templates/assets/stylesheets/utilities/_break.scss"],"names":[],"mappings":"AA2BA,cAGE,6BAME,sDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CACA,mDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CAGA,mDAAA,CACA,gDAAA,CACA,yDAAA,CACA,4DAAA,CAGA,0BAAA,CACA,mCAAA,CAGA,iCAAA,CACA,kCAAA,CACA,mCAAA,CACA,mCAAA,CACA,kCAAA,CACA,iCAAA,CACA,+CAAA,CACA,6DAAA,CACA,gEAAA,CACA,4DAAA,CACA,4DAAA,CACA,6DAAA,CAGA,6CAAA,CAGA,+CAAA,CAGA,uDAAA,CACA,6DAAA,CACA,2DAAA,CAGA,iCAAA,CAGA,yDAAA,CACA,iEAAA,CAGA,mDAAA,CACA,mDAAA,CAGA,qDAAA,CACA,uDAAA,CAGA,8DAAA,CAKA,8DAAA,CAKA,0DAAA,CAzEA,iBCiBF,CD6DE,kHAEE,YC3DJ,CDkFE,yDACE,4BChFJ,CD+EE,2DACE,4BC7EJ,CD4EE,gEACE,4BC1EJ,CDyEE,2DACE,4BCvEJ,CDsEE,yDACE,4BCpEJ,CDmEE,0DACE,4BCjEJ,CDgEE,gEACE,4BC9DJ,CD6DE,0DACE,4BC3DJ,CD0DE,2OACE,4BC/CJ,CDsDA,+FAGE,iCCpDF,CACF,CCjDE,2BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD6CN,CCvDE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDoDN,CC9DE,8BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD2DN,CCrEE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDkEN,CC5EE,8BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDyEN,CCnFE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDgFN,CC1FE,kCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDuFN,CCjGE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD8FN,CCxGE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDqGN,CC/GE,6BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD4GN,CCtHE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDmHN,CC7HE,4BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCD6HN,CCpIE,8BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCDoIN,CC3IE,6BACE,yBAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCD2IN,CClJE,8BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCDkJN,CCzJE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDsJN,CE3JE,4BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwJN,CEnKE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgKN,CE3KE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwKN,CEnLE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgLN,CE3LE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwLN,CEnME,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgMN,CE3ME,mCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwMN,CEnNE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgNN,CE3NE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwNN,CEnOE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgON,CE3OE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwON,CEnPE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCFmPN,CE3PE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCF2PN,CEnQE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCFmQN,CE3QE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCF2QN,CEnRE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgRN,CE3RE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwRN,CEnSE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCAAA,CAKA,4BF4RN,CE5SE,kCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCAAA,CAKA,4BFqSN,CEtRE,sEACE,4BFyRJ,CE1RE,+DACE,4BF6RJ,CE9RE,iEACE,4BFiSJ,CElSE,gEACE,4BFqSJ,CEtSE,iEACE,4BFySJ,CEhSA,8BACE,mDAAA,CACA,4DAAA,CACA,0DAAA,CACA,oDAAA,CACA,2DAAA,CAGA,4BFiSF,CE9RE,yCACE,+BFgSJ,CE7RI,kDAEE,0CAAA,CACA,sCAAA,CAFA,mCFiSN,CG7MI,mCD1EA,+CACE,8CF0RJ,CEvRI,qDACE,8CFyRN,CEpRE,iEACE,mCFsRJ,CACF,CGxNI,sCDvDA,uCACE,oCFkRJ,CACF,CEzQA,8BACE,kDAAA,CACA,4DAAA,CACA,wDAAA,CACA,oDAAA,CACA,6DAAA,CAGA,4BF0QF,CEvQE,yCACE,+BFyQJ,CEtQI,kDAEE,0CAAA,CACA,sCAAA,CAFA,mCF0QN,CEnQE,yCACE,6CFqQJ,CG9NI,0CDhCA,8CACE,gDFiQJ,CACF,CGnOI,0CDvBA,iFACE,6CF6PJ,CACF,CG3PI,sCDKA,uCACE,6CFyPJ,CACF","file":"palette.css"}
@@ -0,0 +1,58 @@
+#!/bin/zsh
+
+# in case of  $'\r': command not found error, run command below first
+# sed -i 's/\r$//' ./bootstrap.sh
+
+CLUSTER="${1:?Usage: ./bootstrap.sh <cluster> (upc-dev|upc-prod|aks-dev|aks-prod|eks-dev|eks-prod|gke-dev|gke-prod)}"
+
+echo "running $0 for cluster: ${CLUSTER}..."
+
+# Source cluster config
+eval $(yq -r 'to_entries[] | "export \(.key)=\"\(.value)\""' "clusters/${CLUSTER}.yaml")
+
+echo "Bootstrapping cluster: ${clusterName} (${CLUSTER})..."
+
+############################################################
+# Bootstrap                                                     #
+############################################################
+Bootstrap()
+{
+    ArgoCd
+    Gitea
+}
+
+
+############################################################
+# Gitea                                                     #
+############################################################
+Gitea()
+{
+    echo "Installing secret..."
+    kubectl apply -f "private/${CLUSTER}/gitea-repo-main.yaml"
+    kubectl apply -f "private/${CLUSTER}/main.key"
+}
+
+############################################################
+# ArgoCd                                                     #
+############################################################
+ArgoCd()
+{
+    # Pre-create ConfigMap for repo-server env (must exist before Helm upgrade)
+    kubectl create namespace argocd --dry-run=client -o yaml | kubectl apply -f -
+    kubectl apply -f cluster-resources/argocd-repo-server-config.yaml
+
+    # install argocd
+    echo "Installing ArgoCD..."
+    helm upgrade --install argocd argo-cd \
+            --repo https://argoproj.github.io/argo-helm \
+            --version "7.8.0" \
+            --namespace argocd --create-namespace \
+            --values infra/values/base/argocd-values.yaml \
+            --values "infra/values/${CLUSTER}/argocd-values.yaml" \
+            --set notifications.context.clusterName="${clusterName}" \
+            --timeout 60s --atomic
+
+    kubectl apply -f "_app-of-apps-${CLUSTER}.yaml" -n argocd
+}
+
+Bootstrap
@@ -0,0 +1,16 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: argocd-notifications-secret
+  namespace: argocd
+spec:
+  encryptedData:
+    slack-webhook-url: AgBIIEfU1TzNNJoQMsiKqF+x0y5vGu5iMwvTADGuUcjlz7DtfExTQu86OdUO1+Gxri/NKKj+KN1Tv7WNJs5Yo/hjjLs/JTxKYuEF6S0xaqLX3sRCkMCdVpRkH079CW4ayDP2moIGrG9+nq0iGNA7qyPssjjSCeMaj6SiHAIXdV+f/5XLrwHUybL2drBp7OVsZcLQJhQRGYIM/R4PvQJGLv95L/XPn5aOK8jxhHIsaxwRlAuGpCP/Ct7mG6H2qL0zKZn/H7Vl+x/Xgx0a/VGcEMosgQY1PeSqihyTcCsSu1g2rd8A03nw8v3kIjkiMzSpIKHoEpWuoNWxDmwMYrpvy1QUnpW2nT9WkLoaoi4lczNr63Z/LT2mCTMhgC83OxF5IA/9cekWh+VMHVsS2c4qQvlDZoT2N4SwkWy++rreFwrXdaMBJHIQI2wT9rtWwRLG4sLigaxBPX7lzVlplkSxHgrVi6c329u6+2Dcw9eMOPfw7GmbnF5H+t1AmFEBbrf2LOPGRy3yd+5g5U4Eyhf7YmA9SaT7TB1w3UhacSCslVH41NLtqNV65lvAjPCyYbEEjmnV02i9rPDyHMitrZ9Z8Spzo3oiK0ZndWh98u8iA7NJY2i+L01n7OLGjRBGL364URHRqcDxCPRrc0ApRBj5aa4HEScowmWCPcoqgzwFfclAz2iNAgQ7h+7/rUN2k96V7Eo0xco+bF/XgwWX5ehIB6FQYKborWa7XHvAGEc85eD3bNOnOUF1RJB/4GzN5yu/7fyeRVnKNEAzZ2cuXD+5RA5gPyqBVgTFspl2MasbMW9KOZT4YKts0ILXqpo=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: argocd-notifications-secret
+      namespace: argocd
+    type: Opaque
@@ -0,0 +1,83 @@
+# CronJob: syncs OIDC client secret from registrar-managed
+# argocd-oidc-credentials into argocd-secret (oidc.clientSecret key).
+# Runs every 2 min. No-ops if source secret doesn't exist yet
+# (safe for fresh deploys before Keycloak is up).
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: argocd-oidc-sync
+  namespace: argocd
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: argocd-oidc-sync
+  namespace: argocd
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  resourceNames: ["argocd-oidc-credentials", "argocd-secret"]
+  verbs: ["get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: argocd-oidc-sync
+  namespace: argocd
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: argocd-oidc-sync
+subjects:
+- kind: ServiceAccount
+  name: argocd-oidc-sync
+  namespace: argocd
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: argocd-oidc-sync
+  namespace: argocd
+spec:
+  schedule: "*/2 * * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      backoffLimit: 1
+      template:
+        spec:
+          serviceAccountName: argocd-oidc-sync
+          restartPolicy: Never
+          containers:
+          - name: sync
+            image: bitnami/kubectl:latest
+            command: ["/bin/sh", "-c"]
+            args:
+            - |
+              set -e
+
+              # Exit gracefully if source secret doesn't exist yet
+              if ! kubectl get secret argocd-oidc-credentials -n argocd >/dev/null 2>&1; then
+                echo "argocd-oidc-credentials not found — skipping (Keycloak not ready yet)"
+                exit 0
+              fi
+
+              # Read current OIDC client secret
+              NEW_SECRET=$(kubectl get secret argocd-oidc-credentials -n argocd \
+                -o jsonpath='{.data.client-secret}' | base64 -d)
+
+              # Read current value in argocd-secret (if any)
+              CURRENT=$(kubectl get secret argocd-secret -n argocd \
+                -o jsonpath='{.data.oidc\.clientSecret}' 2>/dev/null | base64 -d || echo "")
+
+              # Only patch if changed
+              if [ "$NEW_SECRET" = "$CURRENT" ]; then
+                echo "oidc.clientSecret already up to date"
+                exit 0
+              fi
+
+              kubectl patch secret argocd-secret -n argocd --type merge \
+                -p "{\"stringData\":{\"oidc.clientSecret\":\"${NEW_SECRET}\"}}"
+              echo "Patched argocd-secret with oidc.clientSecret"
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-repo-server-config
+  namespace: argocd
+data:
+  # Disable git submodule checkout - submodules (e.g. shared-prompts)
+  # are not needed for K8s manifest generation
+  ARGOCD_GIT_MODULES_ENABLED: "false"
@@ -0,0 +1,7 @@
+---
+# Disable Istio sidecar injection for cert-manager namespace
+# This is required for cert-manager to function properly with Istio
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
@@ -0,0 +1,20 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: forte10x-repo-creds
+  namespace: argocd
+spec:
+  encryptedData:
+    sshPrivateKey: AgBJ0kYo34Fd52HXd6lNo3QUUesZx/8s3f3U6VYuRP+hwLWRx/toh2+33H3FSvEJlHakMiXOnKSFePP7xS2xi7+ZnjQUviw/dueDzTMAAL6jR11VNc4wLZBmvBlISW3/lRA7dVy8vhyP5FCt1gizwx8+bCDFSJqG6Z2Ca2NuxSC+d3kYL1BTcGOda9SApht/RNM0HY11WGBVEoT/AP8zqwtG3vOTWGiqRkU/UgKbnOIzVrv0ZqwAloj/7+4LgaD7rpy5wPx6WFakjD5ON0xZF1uiusAoa5i+ukMSsmNGTko5qMhkcCyS41H0RgnLKW5UoOuY9Ewvp/8/49FN8hhmAZU0PVVfcKalZYFaei+Ka79oaoKpACHLOevCjMF2sgLEOdtow5nVMlxmsCYWb1cPtuczUH0bGwmNOAmS4Y0cuxc3++5UXZiML5n9Hnfl8K1rxeHWB0nzlRuzwj/JKItBcsjVdF9F+fAHAt8LDzxuqOt+PyyABXHk0aZ56DCvUDm90IAm8ojufLbGWXeouiudM11UxAP9ySp4FB9ou+re6F11ZFE3yVgScKlfpu0bHUFFhm+glVLF+8nlv8E6a1LCb+HOP3WwwXJ0OB9KnYaFhrTuvF9pOVwX9zUs4QCWq323jzTrK8yR3upybxIbfPTF/iMzTQliDUuA5WpK0y2/B+OoeMevuqR4HklUp/OHGpigfTo9p4JtR6f96foXpgg4ViNrl2FwKK8imSkGqTj1NoqFs0gseq3Q/9w5BB0gOd4hK9o3flXljz1wpJxwYWX8ogM05eJD83pjX0b0hvWk1fEZHx+xFLVhm6vYXNfsZ+nnwwEyLV6PdEW2gVYJQo8+e0eVX5eUnynZCL96BgjCkUa/Yvfds1L1q7vzyYOT7t4h4qqmlAwDsUwbPbdANZ26Ybehjn8kS9e9V4oPzk7yvsqzSfzX4UUoFjQsB7ETmiNVbWEYJpAkTJ6OcPQUD12SCW3BDmwmBjpwPOjwl9/zRJezKOdFVncDKtOzXtef7Q+bdNR85klOTmxpEV3GFpp+Qh6xbYuSREYm+N5B1rLcgvoA34VZDmMbQwdlfK2tXG1lO1fnM9inhdU0SDVfgqqeiPZHMhV8TaajQNWEtQJij6VW8/Lsm4yxbKs5cg6ung5I30saaM8LFTI0Njq5/TpbF753+F/v5SV275o5+0MFCZDER30Nh/uFipTpvzOFrQlG/bHrT3/rUnw1dfYz0BcUO7V0KaUQFzV2ArPsNxc=
+    type: AgBwM8m/1ZFU6Wdwq3riZkRBlcqLRe4t3MK3T7L6s0Cr7rVsE2QIw7JJgJWW77plgqWYUANxLd8pcXeC3uqvLH7ApYWN0kFzpPD/qK7ZVD13Tq+OnXE+zZyEYwr9YH790ca+KFrJJTewX9zN1Y3KSeyNX2ko0UndPn99PNAhtMCeMrsiJ59HgE66fnq+iGx7Ghs3xai7FVAmQADeaAd5WHkfzN0jEKFccZ/nV60cisqwVttFB0Rt+eMywAoRXw9+mmSVmwGX/bDfO6fm2C3O+GQrVa80E57iXeMO3m6G/lRCjA+9If6lg8QyuD3W+3Xnm3IC5pHEtYFjj8J4cwa4qTMcYsyfOt/NtmWD8KlLNcIFzP/uMar1WQ256PWPoN60pM9mTe6Jyz0sq3L4H/KC/5EfbOJ4tm5QN6/57mcls0eOfOP3JzV92zvC/Z4exjlvEqmKK/T/gMtXCv29ITWtmQWkXtfERuVxB13kXN4gJVuffMKKrsr5uOm5n17PQd1GLoDYo/8nRyNBu4H6+9r8LcAuaE7z4cETuYC9EM3gp4ZkeuwTwNjnNYyrs8nNxGzjVTc1HIhfKGZkJilF0BhXiSmrNczEFBZqC30vgChJ2ko/RePQsxh32rXfdZ1RBGL1B2o8Nf4FZQz6dMpuNeei0tjfo2rq7LCB3Ze8vj8q/iQDAlRbunkevYhTotXPZoZXdcs5VkA=
+    url: AgBT+Tyn3YN731bMBG9jJv8F+jda1vA/0DemSL9SWxZFfrH4xSGlg3IITOW+iN4lDDKNiceHFRXcxVSYrStArEnGbBy5a7GvXBuKpwshal3MXGwt1iy5fZZH4nKzKCkLRmECFI4/N/zJpqxWxmiQtXMtBYIPyf97ulaPg4R9h0CwDAfesgbfmfsxB3F6ceUj6BkKHxx36Ca6AlNc06FhqmR307kAnijdfg0Ji+geqnqpruDG2717n5s6+xQG03GiM8rWAnny/4GDkYQsuRxaaRl4skalSS0UfvsoBwdfmn5Uvem6zefbnHaP9j9r5xI5ZN23QB6dQhzMooVHz8vgzn06mj73YkLVSYCwU0cMSOgDr9RWVOxkpCqrP3p76c3Xzj91K+OzVUHfvYbxBuypNJoojCG5bP1amuwtFs8rBSiCONxSTNjStvXN3qDCRKpHmskHlVeH4Lsn20UFOd+vsQue1vfb1jMxQ6I3xi5AUZO6x8TJCGR33EswbGF6ZGvJXuW+S7XtgjUgGMgWcGpBHpjk5EAFCPO83AFf8iNlbX30th/eDsIs1tX7b+RD1+QJYuJsC6pBIU3cVdjDy1Mjb3ViadwkWy6sEytL1NMpRBh7A2T/oIZV0DFkI4wul5y5hztQrNgzzJH9MGeLLxtAxtb1ZTb+StJJjr39c+mXOZMDzl4/cv3KNoj7hTJo1H6y0KbiIjQuaEl6XZdGu/46ZmdearxEPL/60Rtonf/wUve8UV0pqYEVaadHx2ui
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        argocd.argoproj.io/secret-type: repository
+      name: forte10x-repo-creds
+      namespace: argocd
+    type: Opaque
@@ -0,0 +1,88 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: gitea-backup
+  namespace: gitea
+spec:
+  schedule: "0 3 * * *"   # daily at 03:00 UTC
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 3
+  failedJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      backoffLimit: 1
+      activeDeadlineSeconds: 1800
+      template:
+        spec:
+          restartPolicy: Never
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            fsGroup: 1000
+          # Must run on the same node as Gitea to share the RWO volume
+          affinity:
+            podAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+                - labelSelector:
+                    matchLabels:
+                      app.kubernetes.io/name: gitea
+                  topologyKey: kubernetes.io/hostname
+          initContainers:
+            - name: gitea-dump
+              image: gitea/gitea:1.25.4
+              command:
+                - sh
+                - -c
+                - |
+                  gitea dump \
+                    -c /data/gitea/conf/app.ini \
+                    -f /backup/gitea-dump.zip \
+                    -t /tmp/gitea-dump && \
+                  echo "Dump completed: $(ls -lh /backup/gitea-dump.zip)"
+              volumeMounts:
+                - name: data
+                  mountPath: /data
+                  readOnly: true
+                - name: backup
+                  mountPath: /backup
+                - name: tmp
+                  mountPath: /tmp/gitea-dump
+          containers:
+            - name: upload
+              image: minio/mc:latest
+              env:
+                - name: HOME
+                  value: /tmp
+              command:
+                - sh
+                - -c
+                - |
+                  mc alias set s3 "${S3_ENDPOINT}" "${AWS_ACCESS_KEY_ID}" "${AWS_SECRET_ACCESS_KEY}"
+
+                  TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+                  KEY="gitea-dump-${TIMESTAMP}.zip"
+                  echo "Uploading ${KEY}..."
+                  mc cp /backup/gitea-dump.zip "s3/${S3_BUCKET}/${KEY}" && \
+                  echo "Upload complete."
+
+                  # Prune backups older than 7 days
+                  echo "Pruning backups older than 7 days..."
+                  mc rm --older-than 7d --force "s3/${S3_BUCKET}/" 2>&1 || true
+                  echo "Pruning complete."
+              envFrom:
+                - secretRef:
+                    name: gitea-backup-s3
+              volumeMounts:
+                - name: backup
+                  mountPath: /backup
+                  readOnly: true
+          volumes:
+            - name: data
+              persistentVolumeClaim:
+                claimName: gitea-shared-storage
+            - name: backup
+              emptyDir:
+                sizeLimit: 5Gi
+            - name: tmp
+              emptyDir:
+                sizeLimit: 5Gi
@@ -0,0 +1,13 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: gitea-ssh
+  namespace: gitea
+spec:
+  entryPoints:
+    - giteassh
+  routes:
+    - match: HostSNI(`*`)
+      services:
+        - name: gitea-ssh
+          port: 22
@@ -0,0 +1,54 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kyverno:pods-replicasets:manage
+  labels:
+    rbac.kyverno.io/aggregate-to-cleanup-controller: "true"
+rules:
+- apiGroups:
+  - ''
+  - 'apps'
+  resources:
+  - replicasets
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kyverno:secrets:view
+  labels:
+    rbac.kyverno.io/aggregate-to-admission-controller: "true"
+    rbac.kyverno.io/aggregate-to-reports-controller: "true"
+    rbac.kyverno.io/aggregate-to-background-controller: "true"
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  - namespaces
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kyverno:secrets:manage
+  labels:
+    rbac.kyverno.io/aggregate-to-background-controller: "true"
+rules:
+- apiGroups:
+  - ''
+  resources:
+  - secrets
+  - namespaces
+  verbs:
+  - create
+  - update
+  - delete
@@ -0,0 +1,35 @@
+---
+# Staging ClusterIssuer for testing (higher rate limits, not browser-trusted)
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    # Let's Encrypt staging server
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: danijels@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-staging-key
+    solvers:
+    - http01:
+        ingress:
+          class: traefik
+
+---
+# Production ClusterIssuer for browser-trusted certificates
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # Let's Encrypt production server
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: danijels@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-prod-key
+    solvers:
+    - http01:
+        ingress:
+          class: traefik
@@ -0,0 +1,20 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: mcp10x-repo-creds
+  namespace: argocd
+spec:
+  encryptedData:
+    sshPrivateKey: AgABjxZ9fCInZErXR2rkRfn/xg3foN/k8PZaU2xeaf6SraOIoAzsEOmCZjOhml2aOxezED9jAuCyAVcnJGjULlYiwGklmRzekqy3aUNMPsswQIBhs2kDkR0py0ANudNrv1gYkmNn0Z+nMuPIvMbjKkA0avoRD9aXbY7XFP6lJfoFURGYQ6mZeUsjbsugL3m0drync5Ff5IWoPm4cs+O58RXRIiUuMQ/BSEov9DBQfugB94Dg5xA2o1IO9MoXLiHVGfXTd6JD65SnGwhtftmucTXETZjGJbDwJnwcbmC5JqOnxP+wvb9sFUm8QNaGBkODB7ET2YOFnrbhL45L1HwXkLzvteyOpuStfihtOeyKl2D1PRxyy/uwlEg2GR+TZzegrrMlEU/wY6u1nqfkw8g+VPQy2r0KCCRDWha9bBReyFz2LzJr8quTp/HmKi5l0ljVTwziZ2EI6SFdtIGjnyAhEAYWZZoCn1cYQ9Y7qTSnnm6k1f6tnqCJljfr0ls63cXosWxPaSsyHjnmxQboUs+QgpLZDGo5UZLsYJpafPeKN5lQJgZpkK0el4JzLreA1TTLSp2bVW/3Y2R6auQlOhC79A+/ctEooQq6ugPdKaiKUjDpcl9J3pIEiMw0/m6cnFRgBFZdey0hia/joYruIKjL+P6MpwMEL5nKEjnV1hSQqDraC+H4fvQOuYIHYYOPTePxcFyznK/ctcZI9ByW1zT8tSNbKJLia2fhv1Fv15MX/qrk84stW3FG4W1M9PKbmYX8gksF1PxWh+FWfOFteTU+bZPXUOvU5onEFET1L8ZaN7z8v2cYh/D7kRHVcTrLrxgvugvRnGFIsx2Wy0d48LApfDNmip4q4AjA+yhZgRR+eziyStEzFfsvU/MDK9qeQoK+cmV3RMcKUOYthjDbCzndH6TFlqcQQGEWvcbLqofpFjXz0uw9pY7Z8YRBemD6wqAM13JtaI+hF6EW3fW6Vy3QS0O1Kqgy/8bCh4R3h+DGtXPkMu/xLKuFiUQJF2XnQEZya+aYbxQUcNcxOvblWndHOMFpbce0ERIon9m4rvn8HLNeoRqC+x4iGW7ft4pFkaLr/DYOkhiNmSfd35js8TLfcxSXZg2pX+dq6lejGxVdkrvmisWm+4xpc0B8hRpwQMJGuIM4rQz5wj/XndfHSH1Z0NnorCmSubOwPIpq7VQqoyCIpOBCzBLVki4hlJeqIvm2/xJPPVzxZZ16Uy7TGbSoPWs=
+    type: AgC9y+ZjBL2JsaUBFhWc4wlZWnp04EzxyXwJJgwu+FyBTGWGBrA5dp7KeS7LuPW+vBcjJKcLVuYrDbxJw622RgD0m8ALEL+TQg+CnULXljb7P1inSlAVKHBg0le2bz6dZ55SmZvAItrm5MSxcwVZYFeBVjHFP5IDwF2uPv9ZQOrIGA58ZjTK9+kTsVN/XbVCnNnTaAakW6PR7YaLvpiYYfMbGlU+JmItwIJASPnqmQV40+5f+ewgCl5w0ATeNi6VOQx6quQm7HJovneE0pfYRyg/fTc3SNI6Ao/82+QP3H/7Kmme1DLncMfKSmTZ1dcLQ7AaUZFXuwaQzwzLwv1RLsyFowweJJh20TGV66526oM9zzPAAuFD+yBQln+qdn+qJnOpUZU9Ft/bbnaX2JuBHfcpXK93CvlATo9p+d2RdWvscUSN5NcQ+/szkIJmcCwPW4W7wLvst/+oy2mqJIoRY2T8VT5QclPe2Mbz0onriXx50zeGGAi2MWzNUdR60S8sfadn/6J0+3GdQnQwrgvgV1W2yuXQW6+ThzEqZZlQLZz9+LUQBTYf7DAObGw1EJE1ZdldoyiurMrrlCf88xA9grv9y1QiN0TIElTy5z10Jke8cB9yXBYMA4D/XaEAJ5juk44XjzlmOqPyyFny0xEd6LFILETr76ph1lI6TJUrE5dA9MOwRMQWwSfcMyqRob1nSwx9tBA=
+    url: AgCZPKVLwBsR41TulTWsw5gSnAFBCH5pQj8hoty2LlGcgM2cY+ArDCv46B8ihFdLiGY4r9hRAhlzkeC1mjgTI9GDzfmrTVs5xS4ilKG9HTt8SzleyqlYT8jZAopc1ln3j4pMLZj471th0PBRxajIxT4rv+tm02FlS+1Py+sHTochMakXLBSQxAy0fGr+Y98WuG6GYxcrHOD4yqErdmq06N9xrmGjP0KCAxTS4VJLiVvWbikANwtDFCmB63wiaqQ0uky7aeX/UrmCUi4WhuFfwUipSr6nyn2Ws3TdTOjioeRNA/LtDb6zc0k1WqgWU2Kk0YHoIJF7w4POSurNQu4yrPgeaK8Ez8k+cFQihK+/4YHZPOUS5Dzm3XhXuQOgQRMfeIFPsutYAMk7WQB8bPDjlk2CpLIg+vQicrW6JEjAgIbD4ohUNKznP2h6vTu6fcGKleDMEedp73/Pud1EinOxyOA91uYv+k54F/tndE6Jj/RJnMTBVBuw71789oBF/QZJ3glhjq/Q78v8t5Zq0QFlpuc4oXOn6WAuP79kUBiBbOVDfSaBMtztsZihf9En3RRzC5RRncOhYaLOufkPTY+qC2Myj6+T/SdxZnyohEZSzHyqSMsBOLCcWTcap79kP3ARRH8az+/7Nga95TnIEoG6f5Wt12f9ZglZtM/UJvQv0NxhSF6YY4gk8sI0Mv5A9ihnUKP7i0gxCnf+X+UJACt+Iy6MDdxFxCHJW7Gp79wrIPmOWnhRJQ==
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        argocd.argoproj.io/secret-type: repository
+      name: mcp10x-repo-creds
+      namespace: argocd
+    type: Opaque
@@ -0,0 +1,37 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: deny-external-egress
+  namespace: trivy-system
+  labels:
+    app.kubernetes.io/managed-by: argocd
+    app.kubernetes.io/part-of: network-policies
+spec:
+  endpointSelector: {}
+  egress:
+    # Allow DNS resolution
+    - toEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: kube-system
+            k8s-app: kube-dns
+      toPorts:
+        - ports:
+            - port: "53"
+              protocol: UDP
+            - port: "53"
+              protocol: TCP
+
+    # Allow cluster-internal traffic (RFC1918)
+    - toCIDR:
+        - 10.0.0.0/8
+        - 172.16.0.0/12
+        - 192.168.0.0/16
+
+    # Allow Trivy vulnerability DB downloads (ghcr.io OCI registry)
+    - toFQDNs:
+        - matchName: ghcr.io
+        - matchName: pkg-containers.githubusercontent.com
+      toPorts:
+        - ports:
+            - port: "443"
+              protocol: TCP
@@ -0,0 +1,492 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: inject-auth-sidecar
+  annotations:
+    pod-policies.kyverno.io/autogen-controllers: none
+    policies.kyverno.io/title: Inject Auth Sidecar
+    policies.kyverno.io/minversion: 1.6.0
+    policies.kyverno.io/category: Security
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: Pod
+    policies.kyverno.io/description: >-
+      Injects an auth sidecar container into Pods annotated with policies.forteapps.io/auth: "true". Supports three auth modes controlled by the policies.forteapps.io/auth-type annotation: "token" (default), "oidc", and "mcp". In token mode the sidecar reads credentials from a mounted Secret volume. In OIDC mode the sidecar uses OpenID Connect with authority and client-id provided via required annotations (policies.forteapps.io/auth-oidc-authority and policies.forteapps.io/auth-oidc-client-id) and secrets from an auth-oidc Secret. In MCP mode the sidecar implements OAuth 2.0 for MCP servers per RFC 9728 (Protected Resource Metadata) and RFC 7591 (Dynamic Client Registration), configured via policies.forteapps.io/auth-mcp-resource and policies.forteapps.io/auth-mcp-authority annotations. The sidecar port defaults to 9001 and can be overridden via the policies.forteapps.io/auth-port annotation. A NetworkPolicy is generated to restrict ingress to the sidecar port only.
+spec:
+  background: false
+  rules:
+  - name: generate-auth-tokens-secret
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          annotations:
+            policies.forteapps.io/auth: "true"
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - kyverno
+          - argocd
+          - cert-manager
+          - monitoring
+    preconditions:
+      all:
+      - key: "{{ request.operation }}"
+        operator: In
+        value:
+        - CREATE
+      - key: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-type\" || 'token' }}"
+        operator: Equals
+        value: "token"
+    generate:
+      synchronize: false
+      apiVersion: v1
+      kind: Secret
+      name: auth-tokens
+      namespace: "{{ request.namespace }}"
+      data:
+        metadata:
+          labels:
+            app.kubernetes.io/managed-by: kyverno
+            app.kubernetes.io/created-by: inject-auth-sidecar
+        type: Opaque
+        data: {}
+  - name: generate-auth-oidc-secret
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          annotations:
+            policies.forteapps.io/auth: "true"
+            policies.forteapps.io/auth-type: "oidc"
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - kyverno
+          - argocd
+          - cert-manager
+          - monitoring
+    preconditions:
+      all:
+      - key: "{{ request.operation }}"
+        operator: In
+        value:
+        - CREATE
+    generate:
+      synchronize: false
+      apiVersion: v1
+      kind: Secret
+      name: auth-oidc
+      namespace: "{{ request.namespace }}"
+      data:
+        metadata:
+          labels:
+            app.kubernetes.io/managed-by: kyverno
+            app.kubernetes.io/created-by: inject-auth-sidecar
+        type: Opaque
+        data: {}
+  - name: inject-sidecar-token
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          annotations:
+            policies.forteapps.io/auth: "true"
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - kyverno
+          - argocd
+          - cert-manager
+          - monitoring
+    preconditions:
+      all:
+      - key: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-type\" || 'token' }}"
+        operator: Equals
+        value: "token"
+    context:
+    - name: appPort
+      variable:
+        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
+    - name: sidecarPort
+      variable:
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
+    mutate:
+      patchStrategicMerge:
+        spec:
+          containers:
+          - name: authn
+            image: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image\" || 'git.forteapps.net/forte/auth-sidecar' }}:{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image-version\" || 'latest' }}"
+            ports:
+            - containerPort: "{{ sidecarPort }}"
+              name: auth
+              protocol: TCP
+            env:
+            - name: AUTH_LISTEN_ADDR
+              value: ":{{ sidecarPort }}"
+            - name: AUTH_UPSTREAM_URL
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
+            - name: AUTH_PUBLIC_PATHS
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}"
+            - name: AUTH_TOKEN_FILE
+              value: "/etc/auth/tokens"
+            - name: AUTH_MODE
+              value: "token"
+            volumeMounts:
+            - name: auth-tokens
+              mountPath: /etc/auth
+              readOnly: true
+            resources:
+              limits:
+                cpu: 50m
+                memory: 64Mi
+              requests:
+                cpu: 10m
+                memory: 32Mi
+            readinessProbe:
+              httpGet:
+                path: /healthz
+                port: "{{ sidecarPort }}"
+              initialDelaySeconds: 2
+              periodSeconds: 5
+            livenessProbe:
+              httpGet:
+                path: /healthz
+                port: "{{ sidecarPort }}"
+              initialDelaySeconds: 5
+              periodSeconds: 10
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop:
+                - ALL
+          volumes:
+          - name: auth-tokens
+            secret:
+              secretName: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-token-secret-name\" || 'auth-tokens' }}"
+              optional: true
+  - name: inject-sidecar-oidc
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          annotations:
+            policies.forteapps.io/auth: "true"
+            policies.forteapps.io/auth-type: "oidc"
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - kyverno
+          - argocd
+          - cert-manager
+          - monitoring
+    context:
+    - name: appPort
+      variable:
+        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
+    - name: sidecarPort
+      variable:
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
+    mutate:
+      patchStrategicMerge:
+        spec:
+          containers:
+          - name: authn
+            image: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image\" || 'git.forteapps.net/forte/auth-sidecar' }}:{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image-version\" || 'latest' }}"
+            imagePullPolicy: Always
+            ports:
+            - containerPort: "{{ sidecarPort }}"
+              name: auth
+              protocol: TCP
+            env:
+            - name: AUTH_MODE
+              value: "oidc"
+            - name: AUTH_LISTEN_ADDR
+              value: ":{{ sidecarPort }}"
+            - name: AUTH_LOG_LEVEL
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
+            - name: AUTH_UPSTREAM_URL
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
+            - name: AUTH_OIDC_AUTHORITY
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-authority\" }}"
+            - name: AUTH_OIDC_CLIENT_ID
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-client-id\" }}"
+            - name: AUTH_OIDC_CALLBACK_URL
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\" }}"
+            - name: AUTH_OIDC_CALLBACK_PATH
+              value: "{{ regex_replace_all('https?://[^/]*', request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-callback-path\", '') }}"
+            - name: AUTH_OIDC_SCOPES
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-scopes\" || 'openid,profile,email'  }}"
+            - name: AUTH_PUBLIC_PATHS
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}"
+            - name: AUTH_OIDC_COOKIE_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: auth-oidc
+                  key: cookie-secret
+            - name: AUTH_OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-credentials-secret\" || 'auth-oidc' }}"
+                  key: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oidc-credentials-secret-key\" || 'client-secret' }}"
+            resources:
+              limits:
+                cpu: 50m
+                memory: 64Mi
+              requests:
+                cpu: 10m
+                memory: 32Mi
+            readinessProbe:
+              httpGet:
+                path: /healthz
+                port: "{{ sidecarPort }}"
+              initialDelaySeconds: 2
+              periodSeconds: 5
+            livenessProbe:
+              httpGet:
+                path: /healthz
+                port: "{{ sidecarPort }}"
+              initialDelaySeconds: 5
+              periodSeconds: 10
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop:
+                - ALL
+  - name: inject-sidecar-mcp
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          annotations:
+            policies.forteapps.io/auth: "true"
+            policies.forteapps.io/auth-type: "mcp"
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - kyverno
+          - argocd
+          - cert-manager
+          - monitoring
+    context:
+    - name: appPort
+      variable:
+        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
+    - name: sidecarPort
+      variable:
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
+    mutate:
+      patchStrategicMerge:
+        spec:
+          containers:
+          - name: authn
+            image: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image\" || 'git.forteapps.net/forte/auth-sidecar' }}:{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image-version\" || 'latest' }}"
+            imagePullPolicy: Always
+            ports:
+            - containerPort: "{{ sidecarPort }}"
+              name: auth
+              protocol: TCP
+            env:
+            - name: AUTH_MODE
+              value: "mcp"
+            - name: AUTH_LISTEN_ADDR
+              value: ":{{ sidecarPort }}"
+            - name: AUTH_LOG_LEVEL
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
+            - name: AUTH_UPSTREAM_URL
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
+            - name: AUTH_MCP_RESOURCE
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-resource\" }}"
+            - name: AUTH_MCP_AUTHORIZATION_SERVERS
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-authority\" }}"
+            - name: AUTH_PUBLIC_PATHS
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-public-paths\" || '/healthz' }}"
+            - name: AUTH_MCP_SCOPES_SUPPORTED
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-mcp-scopes\" || 'profile'  }}"
+            resources:
+              limits:
+                cpu: 50m
+                memory: 64Mi
+              requests:
+                cpu: 10m
+                memory: 32Mi
+            readinessProbe:
+              httpGet:
+                path: /healthz
+                port: "{{ sidecarPort }}"
+              initialDelaySeconds: 2
+              periodSeconds: 5
+            livenessProbe:
+              httpGet:
+                path: /healthz
+                port: "{{ sidecarPort }}"
+              initialDelaySeconds: 5
+              periodSeconds: 10
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop:
+                - ALL
+  - name: inject-sidecar-oauth
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          annotations:
+            policies.forteapps.io/auth: "true"
+            policies.forteapps.io/auth-type: "oauth"
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - kyverno
+          - argocd
+          - cert-manager
+          - monitoring
+    context:
+    - name: appPort
+      variable:
+        jmesPath: request.object.spec.containers[?name != 'authn'] | [0].ports[0].containerPort || `3000`
+    - name: sidecarPort
+      variable:
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
+    mutate:
+      patchStrategicMerge:
+        spec:
+          containers:
+          - name: authn
+            image: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image\" || 'git.forteapps.net/forte/auth-sidecar' }}:{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-image-version\" || 'latest' }}"
+            imagePullPolicy: Always
+            ports:
+            - containerPort: "{{ sidecarPort }}"
+              name: auth
+              protocol: TCP
+            env:
+            - name: AUTH_MODE
+              value: "oauth"
+            - name: AUTH_LISTEN_ADDR
+              value: ":{{ sidecarPort }}"
+            - name: AUTH_LOG_LEVEL
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-log-level\" || 'info' }}"
+            - name: AUTH_UPSTREAM_URL
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-upstream-url\" || join('', ['http://localhost:', to_string(appPort)]) }}"
+            - name: AUTH_OAUTH_AUTHORITY
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-authority\" }}"
+            - name: AUTH_OAUTH_CLIENT_ID
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-client-id\" }}"
+            - name: AUTH_OAUTH_SCOPES
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-scopes\" || 'openid,profile,email'  }}"
+            - name: AUTH_OAUTH_DELEGATION_ENABLED
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-delegation-enabled\" || 'false'  }}"
+            - name: AUTH_OAUTH_DELEGATION_CLIENT_ID
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-delegation-client-id\" || ''  }}"
+            - name: AUTH_OAUTH_DELEGATION_SCOPES
+              value: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-delegation-scopes\" || ''  }}"
+            - name: AUTH_OAUTH_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-credentials-secret\" || 'auth-oauth' }}"
+                  key: "{{ request.object.metadata.annotations.\"policies.forteapps.io/auth-oauth-credentials-secret-key\" || 'client-secret' }}"
+            - name: AUTH_OAUTH_DELEGATION_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: auth-oauth
+                  key: delegation-client-secret
+            resources:
+              limits:
+                cpu: 50m
+                memory: 64Mi
+              requests:
+                cpu: 10m
+                memory: 32Mi
+            readinessProbe:
+              httpGet:
+                path: /healthz
+                port: "{{ sidecarPort }}"
+              initialDelaySeconds: 2
+              periodSeconds: 5
+            livenessProbe:
+              httpGet:
+                path: /healthz
+                port: "{{ sidecarPort }}"
+              initialDelaySeconds: 5
+              periodSeconds: 10
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities:
+                drop:
+                - ALL
+  - name: generate-auth-network-policy
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+          annotations:
+            policies.forteapps.io/auth: "true"
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - kube-system
+          - kyverno
+          - argocd
+          - cert-manager
+          - monitoring
+    preconditions:
+      all:
+      - key: "{{ request.operation }}"
+        operator: In
+        value:
+        - CREATE
+    context:
+    - name: sidecarPort
+      variable:
+        jmesPath: to_number(request.object.metadata.annotations."policies.forteapps.io/auth-port" || '9001')
+    generate:
+      synchronize: false
+      apiVersion: networking.k8s.io/v1
+      kind: NetworkPolicy
+      name: "{{ request.object.metadata.name }}-auth-ingress"
+      namespace: "{{ request.namespace }}"
+      data:
+        metadata:
+          labels:
+            app.kubernetes.io/managed-by: kyverno
+            app.kubernetes.io/created-by: inject-auth-sidecar
+        spec:
+          podSelector:
+            matchLabels: "{{ request.object.metadata.labels }}"
+          policyTypes:
+          - Ingress
+          ingress:
+          - ports:
+            - port: "{{ sidecarPort }}"
+              protocol: TCP
@@ -0,0 +1,26 @@
+apiVersion: kyverno.io/v2
+kind: ClusterCleanupPolicy
+metadata:
+  name: clean-bare-pods
+  annotations:
+    policies.kyverno.io/title: Cleanup Bare Pods
+    policies.kyverno.io/category: Other
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: Pod
+    kyverno.io/kyverno-version: 1.11.1
+    policies.kyverno.io/minversion: 1.10.0
+    pod-policies.kyverno.io/autogen-controllers: none
+    kyverno.io/kubernetes-version: "1.27"
+    policies.kyverno.io/description: A bare Pod is any Pod created directly and not owned by a controller such as a Deployment or Job. Bare Pods are often create manually by users in an attempt to troubleshoot an issue. If left in the cluster, they create clutter, increase cost, and can be a security risk. Bare Pods can be cleaned up periodically through use of a policy. This policy finds and removes all bare Pods across the cluster.
+spec:
+  match:
+    any:
+    - resources:
+        kinds:
+        - Pod
+  conditions:
+    all:
+    - key: "{{ target.metadata.ownerReferences[] || `[]` }}"
+      operator: Equals
+      value: []
+  schedule: "*/5 * * * *"
@@ -0,0 +1,45 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: disallow-default-namespace
+  annotations:
+    pod-policies.kyverno.io/autogen-controllers: none
+    policies.kyverno.io/title: Disallow Default Namespace
+    policies.kyverno.io/minversion: 1.6.0
+    policies.kyverno.io/category: Multi-Tenancy
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: Pod
+    policies.kyverno.io/description: Kubernetes Namespaces are an optional feature that provide a way to segment and isolate cluster resources across multiple applications and users. As a best practice, workloads should be isolated with Namespaces. Namespaces should be required and the default (empty) Namespace should not be used. This policy validates that Pods specify a Namespace name other than `default`. Rule auto-generation is disabled here due to Pod controllers need to specify the `namespace` field under the top-level `metadata` object and not at the Pod template level.
+spec:
+  validationFailureAction: Enforce
+  background: true
+  rules:
+  - name: enforce-namespace
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - Pod
+    validate:
+      allowExistingViolations: false
+      message: Using 'default' namespace is not allowed.
+      pattern:
+        metadata:
+          namespace: "!default"
+  - name: enforce-podcontroller-namespace
+    skipBackgroundRequests: true
+    match:
+      any:
+      - resources:
+          kinds:
+          - DaemonSet
+          - Deployment
+          - Job
+          - StatefulSet
+    validate:
+      allowExistingViolations: false
+      message: Using 'default' namespace is not allowed for pod controllers.
+      pattern:
+        metadata:
+          namespace: "!default"
@@ -0,0 +1,37 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+  name: keycloak-client-config-cloner
+spec:
+  rules:
+  - name: clone-client-config-to-keycloak
+    skipBackgroundRequests: false
+    match:
+      any:
+      - resources:
+          kinds:
+          - Secret
+          selector:
+            matchLabels:
+              keycloak.forteapps.net/client-config: "true"
+    exclude:
+      any:
+      - resources:
+          namespaces:
+          - keycloak
+    generate:
+      apiVersion: v1
+      kind: Secret
+      name: "{{request.object.metadata.name}}"
+      namespace: keycloak
+      synchronize: true
+      data:
+        metadata:
+          labels:
+            keycloak.forteapps.net/client-config: "true"
+            keycloak.forteapps.net/source-namespace: "{{request.object.metadata.namespace}}"
+          annotations:
+            keycloak.forteapps.net/source-name: "{{request.object.metadata.name}}"
+            keycloak.forteapps.net/source-namespace: "{{request.object.metadata.namespace}}"
+        data: "{{request.object.data}}"
+        type: "{{request.object.type}}"
@@ -0,0 +1,33 @@
+apiVersion: kyverno.io/v2
+kind: ClusterCleanupPolicy
+metadata:
+  name: cleanup-empty-replicasets
+  annotations:
+    policies.kyverno.io/title: Cleanup Empty ReplicaSets
+    policies.kyverno.io/category: Other
+    policies.kyverno.io/severity: medium
+    policies.kyverno.io/subject: ReplicaSet
+    kyverno.io/kyverno-version: 1.11.1
+    policies.kyverno.io/minversion: 1.9.0
+    kyverno.io/kubernetes-version: "1.27"
+    policies.kyverno.io/description: ReplicaSets serve as an intermediate controller for various Pod controllers like Deployments. When a new version of a Deployment is initiated, it generates a new ReplicaSet with the specified number of replicas and scales down the current one to zero. Consequently, numerous empty ReplicaSets may accumulate in the cluster, leading to clutter and potential false positives in policy reports if enabled. This cleanup policy is designed to remove empty ReplicaSets across the cluster within a specified timeframe, for instance, ReplicaSets created 7 days ago, ensuring the ability to rollback to previous ReplicaSets in case of deployment issues
+spec:
+  match:
+    any:
+    - resources:
+        kinds:
+        - ReplicaSet
+  exclude:
+    any:
+    - resources:
+        namespaces:
+        - kube-system
+  conditions:
+    all:
+    - key: "{{ target.spec.replicas }}"
+      operator: Equals
+      value: 0
+    - key: "{{ time_diff('{{target.metadata.creationTimestamp}}','{{ time_now_utc() }}') }}"
+      operator: GreaterThan
+      value: 0h0m30s
+  schedule: "*/7 * * * *"
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				!function(e,r){"function"==typeof define&&define.amd?define(r):"object"==typeof exports?module.exports=r():r()(e.lunr)}(this,function(){return function(e){if(void 0===e)throw new Error("Lunr is not present. Please include / require Lunr before this script.");if(void 0===e.stemmerSupport)throw new Error("Lunr stemmer support is not present. Please include / require Lunr stemmer support before this script.");e.hi=function(){this.pipeline.reset(),this.pipeline.add(e.hi.trimmer,e.hi.stopWordFilter,e.hi.stemmer),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add(e.hi.stemmer))},e.hi.wordCharacters="ऀ-ःऄ-एऐ-टठ-यर-िी-ॏॐ-य़ॠ-९॰-ॿa-zA-Zａ-ｚＡ-Ｚ0-9０-９",e.hi.trimmer=e.trimmerSupport.generateTrimmer(e.hi.wordCharacters),e.Pipeline.registerFunction(e.hi.trimmer,"trimmer-hi"),e.hi.stopWordFilter=e.generateStopWordFilter("अत अपना अपनी अपने अभी अंदर आदि आप इत्यादि इन इनका इन्हीं इन्हें इन्हों इस इसका इसकी इसके इसमें इसी इसे उन उनका उनकी उनके उनको उन्हीं उन्हें उन्हों उस उसके उसी उसे एक एवं एस ऐसे और कई कर करता करते करना करने करें कहते कहा का काफ़ी कि कितना किन्हें किन्हों किया किर किस किसी किसे की कुछ कुल के को कोई कौन कौनसा गया घर जब जहाँ जा जितना जिन जिन्हें जिन्हों जिस जिसे जीधर जैसा जैसे जो तक तब तरह तिन तिन्हें तिन्हों तिस तिसे तो था थी थे दबारा दिया दुसरा दूसरे दो द्वारा न नके नहीं ना निहायत नीचे ने पर पहले पूरा पे फिर बनी बही बहुत बाद बाला बिलकुल भी भीतर मगर मानो मे में यदि यह यहाँ यही या यिह ये रखें रहा रहे ऱ्वासा लिए लिये लेकिन व वग़ैरह वर्ग वह वहाँ वहीं वाले वुह वे वो सकता सकते सबसे सभी साथ साबुत साभ सारा से सो संग ही हुआ हुई हुए है हैं हो होता होती होते होना होने".split(" ")),e.hi.stemmer=function(){return function(e){return"function"==typeof e.update?e.update(function(e){return e}):e}}();var r=e.wordcut;r.init(),e.hi.tokenizer=function(i){if(!arguments.length\|\|null==i\|\|void 0==i)return[];if(Array.isArray(i))return i.map(function(r){return isLunr2?new e.Token(r.toLowerCase()):r.toLowerCase()});var t=i.toString().toLowerCase().replace(/^\s+/,"");return r.cut(t).split("\|")},e.Pipeline.registerFunction(e.hi.stemmer,"stemmer-hi"),e.Pipeline.registerFunction(e.hi.stopWordFilter,"stopWordFilter-hi")}});
				`@@ -1 +0,0 @@`
				!function(e,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(e.lunr)}(this,function(){return function(e){e.multiLanguage=function(){for(var t=Array.prototype.slice.call(arguments),i=t.join("-"),r="",n=[],s=[],p=0;p<t.length;++p)"en"==t[p]?(r+="\\w",n.unshift(e.stopWordFilter),n.push(e.stemmer),s.push(e.stemmer)):(r+=e[t[p]].wordCharacters,e[t[p]].stopWordFilter&&n.unshift(e[t[p]].stopWordFilter),e[t[p]].stemmer&&(n.push(e[t[p]].stemmer),s.push(e[t[p]].stemmer)));var o=e.trimmerSupport.generateTrimmer(r);return e.Pipeline.registerFunction(o,"lunr-multi-trimmer-"+i),n.unshift(o),function(){this.pipeline.reset(),this.pipeline.add.apply(this.pipeline,n),this.searchPipeline&&(this.searchPipeline.reset(),this.searchPipeline.add.apply(this.searchPipeline,s))}}}});
				`@@ -1 +0,0 @@`
				!function(r,t){"function"==typeof define&&define.amd?define(t):"object"==typeof exports?module.exports=t():t()(r.lunr)}(this,function(){return function(r){r.stemmerSupport={Among:function(r,t,i,s){if(this.toCharArray=function(r){for(var t=r.length,i=new Array(t),s=0;s<t;s++)i[s]=r.charCodeAt(s);return i},!r&&""!=r\|\|!t&&0!=t\|\|!i)throw"Bad Among initialisation: s:"+r+", substring_i: "+t+", result: "+i;this.s_size=r.length,this.s=this.toCharArray(r),this.substring_i=t,this.result=i,this.method=s},SnowballProgram:function(){var r;return{bra:0,ket:0,limit:0,cursor:0,limit_backward:0,setCurrent:function(t){r=t,this.cursor=0,this.limit=t.length,this.limit_backward=0,this.bra=this.cursor,this.ket=this.limit},getCurrent:function(){var t=r;return r=null,t},in_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},in_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e<=s&&e>=i&&(e-=i,t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},out_grouping:function(t,i,s){if(this.cursor<this.limit){var e=r.charCodeAt(this.cursor);if(e>s\|\|e<i)return this.cursor++,!0;if(e-=i,!(t[e>>3]&1<<(7&e)))return this.cursor++,!0}return!1},out_grouping_b:function(t,i,s){if(this.cursor>this.limit_backward){var e=r.charCodeAt(this.cursor-1);if(e>s\|\|e<i)return this.cursor--,!0;if(e-=i,!(t[e>>3]&1<<(7&e)))return this.cursor--,!0}return!1},eq_s:function(t,i){if(this.limit-this.cursor<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor+s)!=i.charCodeAt(s))return!1;return this.cursor+=t,!0},eq_s_b:function(t,i){if(this.cursor-this.limit_backward<t)return!1;for(var s=0;s<t;s++)if(r.charCodeAt(this.cursor-t+s)!=i.charCodeAt(s))return!1;return this.cursor-=t,!0},find_among:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=l;m<_.s_size;m++){if(n+l==u){f=-1;break}if(f=r.charCodeAt(n+l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0\|\|e==s\|\|c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n+_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n+_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},find_among_b:function(t,i){for(var s=0,e=i,n=this.cursor,u=this.limit_backward,o=0,h=0,c=!1;;){for(var a=s+(e-s>>1),f=0,l=o<h?o:h,_=t[a],m=_.s_size-1-l;m>=0;m--){if(n-l==u){f=-1;break}if(f=r.charCodeAt(n-1-l)-_.s[m])break;l++}if(f<0?(e=a,h=l):(s=a,o=l),e-s<=1){if(s>0\|\|e==s\|\|c)break;c=!0}}for(;;){var _=t[s];if(o>=_.s_size){if(this.cursor=n-_.s_size,!_.method)return _.result;var b=_.method();if(this.cursor=n-_.s_size,b)return _.result}if((s=_.substring_i)<0)return 0}},replace_s:function(t,i,s){var e=s.length-(i-t),n=r.substring(0,t),u=r.substring(i);return r=n+s+u,this.limit+=e,this.cursor>=i?this.cursor+=e:this.cursor>t&&(this.cursor=t),e},slice_check:function(){if(this.bra<0\|\|this.bra>this.ket\|\|this.ket>this.limit\|\|this.limit>r.length)throw"faulty slice operation"},slice_from:function(r){this.slice_check(),this.replace_s(this.bra,this.ket,r)},slice_del:function(){this.slice_from("")},insert:function(r,t,i){var s=this.replace_s(r,t,i);r<=this.bra&&(this.bra+=s),r<=this.ket&&(this.ket+=s)},slice_to:function(){return this.slice_check(),r.substring(this.bra,this.ket)},eq_v_b:function(r){return this.eq_s_b(r.length,r)}}}},r.trimmerSupport={generateTrimmer:function(r){var t=new RegExp("^[^"+r+"]+"),i=new RegExp("[^"+r+"]+$");return function(r){return"function"==typeof r.update?r.update(function(r){return r.replace(t,"").replace(i,"")}):r.replace(t,"").replace(i,"")}}}}});
				`@@ -1 +0,0 @@`
				{"version":3,"sources":["src/templates/assets/stylesheets/palette/_scheme.scss","../../../../src/templates/assets/stylesheets/palette.scss","src/templates/assets/stylesheets/palette/_accent.scss","src/templates/assets/stylesheets/palette/_primary.scss","src/templates/assets/stylesheets/utilities/_break.scss"],"names":[],"mappings":"AA2BA,cAGE,6BAME,sDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CACA,mDAAA,CACA,6DAAA,CACA,+DAAA,CACA,gEAAA,CAGA,mDAAA,CACA,gDAAA,CACA,yDAAA,CACA,4DAAA,CAGA,0BAAA,CACA,mCAAA,CAGA,iCAAA,CACA,kCAAA,CACA,mCAAA,CACA,mCAAA,CACA,kCAAA,CACA,iCAAA,CACA,+CAAA,CACA,6DAAA,CACA,gEAAA,CACA,4DAAA,CACA,4DAAA,CACA,6DAAA,CAGA,6CAAA,CAGA,+CAAA,CAGA,uDAAA,CACA,6DAAA,CACA,2DAAA,CAGA,iCAAA,CAGA,yDAAA,CACA,iEAAA,CAGA,mDAAA,CACA,mDAAA,CAGA,qDAAA,CACA,uDAAA,CAGA,8DAAA,CAKA,8DAAA,CAKA,0DAAA,CAzEA,iBCiBF,CD6DE,kHAEE,YC3DJ,CDkFE,yDACE,4BChFJ,CD+EE,2DACE,4BC7EJ,CD4EE,gEACE,4BC1EJ,CDyEE,2DACE,4BCvEJ,CDsEE,yDACE,4BCpEJ,CDmEE,0DACE,4BCjEJ,CDgEE,gEACE,4BC9DJ,CD6DE,0DACE,4BC3DJ,CD0DE,2OACE,4BC/CJ,CDsDA,+FAGE,iCCpDF,CACF,CCjDE,2BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD6CN,CCvDE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDoDN,CC9DE,8BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD2DN,CCrEE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDkEN,CC5EE,8BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDyEN,CCnFE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDgFN,CC1FE,kCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDuFN,CCjGE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD8FN,CCxGE,4BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDqGN,CC/GE,6BACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCD4GN,CCtHE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDmHN,CC7HE,4BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCD6HN,CCpIE,8BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCDoIN,CC3IE,6BACE,yBAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCD2IN,CClJE,8BACE,4BAAA,CACA,2CAAA,CAIE,8BAAA,CACA,qCDkJN,CCzJE,mCACE,4BAAA,CACA,2CAAA,CAOE,yBAAA,CACA,qCDsJN,CE3JE,4BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwJN,CEnKE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgKN,CE3KE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwKN,CEnLE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgLN,CE3LE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwLN,CEnME,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgMN,CE3ME,mCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwMN,CEnNE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgNN,CE3NE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwNN,CEnOE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgON,CE3OE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwON,CEnPE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCFmPN,CE3PE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCF2PN,CEnQE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCFmQN,CE3QE,+BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAIE,+BAAA,CACA,sCF2QN,CEnRE,oCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFgRN,CE3RE,8BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCFwRN,CEnSE,6BACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCAAA,CAKA,4BF4RN,CE5SE,kCACE,6BAAA,CACA,oCAAA,CACA,mCAAA,CAOE,0BAAA,CACA,sCAAA,CAKA,4BFqSN,CEtRE,sEACE,4BFyRJ,CE1RE,+DACE,4BF6RJ,CE9RE,iEACE,4BFiSJ,CElSE,gEACE,4BFqSJ,CEtSE,iEACE,4BFySJ,CEhSA,8BACE,mDAAA,CACA,4DAAA,CACA,0DAAA,CACA,oDAAA,CACA,2DAAA,CAGA,4BFiSF,CE9RE,yCACE,+BFgSJ,CE7RI,kDAEE,0CAAA,CACA,sCAAA,CAFA,mCFiSN,CG7MI,mCD1EA,+CACE,8CF0RJ,CEvRI,qDACE,8CFyRN,CEpRE,iEACE,mCFsRJ,CACF,CGxNI,sCDvDA,uCACE,oCFkRJ,CACF,CEzQA,8BACE,kDAAA,CACA,4DAAA,CACA,wDAAA,CACA,oDAAA,CACA,6DAAA,CAGA,4BF0QF,CEvQE,yCACE,+BFyQJ,CEtQI,kDAEE,0CAAA,CACA,sCAAA,CAFA,mCF0QN,CEnQE,yCACE,6CFqQJ,CG9NI,0CDhCA,8CACE,gDFiQJ,CACF,CGnOI,0CDvBA,iFACE,6CF6PJ,CACF,CG3PI,sCDKA,uCACE,6CFyPJ,CACF","file":"palette.css"}